Database Vulnerability Scanning Engineer

Role Overview

• Administer and maintain vulnerability scanning platforms and processes focused on database technologies.
• Perform authenticated database vulnerability scans, validate results, and tune policies to reduce false positives/negatives.
• Support scanning coverage across multiple database solutions including Oracle, MySQL, MariaDB, and DB2.
• Coordinate with DBAs, infrastructure, and application teams to configure secure credentials, network paths, and least-privilege access required for scanning.
• Work with stakeholders to identify and document technical constraints that may affect scan coverage or accuracy.
• Develop and maintain SQL queries and scripts to support validation, triage, reporting, and data quality checks.
• Analyze findings related to patching, configuration, and permissions; translate technical issues into actionable remediation guidance.
• Maintain dashboards and metrics for scan coverage, data completeness, risk trends, and remediation progress.
• Integrate vulnerability findings with ServiceNow for vulnerability response workflows and CMDB alignment.
• Automate operational tasks using scripting (e.g., Python, Bash) to improve scan orchestration and reporting.

Requirements

• Hands-on experience performing and supporting database vulnerability scanning (authenticated scanning, policy tuning, and results validation).
• Experience with multiple database solutions such as Oracle, MySQL, MariaDB, and DB2.
• SQL development skills (writing queries for validation, triage, reporting, and automation support).
• Knowledge of various database attack vectors and practices (e.g., privilege escalation, injection patterns, weak authentication, insecure configuration, excessive permissions).
• Understanding of database security fundamentals: authentication models, roles/privileges, encryption options, auditing/logging, and configuration baselines.
• Experience with system administration (Linux and Windows) to support scanners, agents, and connectors.
• Proficiency in scripting/programming (Python, Bash, Perl) for automation and operational support.
• Minimum of 5-7 years of experience in cybersecurity or vulnerability management, with demonstrated experience supporting database technologies.
• Experience with vulnerability management tooling and workflows (asset onboarding, credential management, scan scheduling, exception handling, and reporting).
• Strong knowledge of database security compliance and hardening standards (e.g., CIS Benchmarks, DISA STIGs) and the ability to map scanner findings to control requirements and remediation evidence.
• Experience supporting audit and regulatory compliance efforts by producing vulnerability metrics, remediation evidence, and documentation aligned to internal policy and applicable standards (e.g., SOX, PCI DSS, HIPAA, GDPR) as required by the environment.
• Expertise with additional database platforms such as Microsoft SQL Server, Cassandra, MongoDB, and/or Sybase.
• Knowledge of web site APIs.
• Understanding of ServiceNow integrations and vulnerability response.
• Experience with AI technologies (LLM, RAG).

Tech Stack

• Cassandra
• Cyber Security
• Linux
• MariaDB
• MongoDB
• MS SQL Server
• MySQL
• Oracle
• Perl
• Python
• ServiceNow
• SQL

Benefits

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected
• Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.