Cybersecurity Vulnerability Scanning Engineer

Role Overview

• Manage day-to-day operations of infrastructure vulnerability scanning using Tenable Vulnerability Management (e.g., Tenable.io/Tenable.sc), including scan scheduling, execution, and monitoring.
• Configure, run, and maintain authenticated scans (credentialed checks) for Windows, Linux/Unix, and network devices, including credential management and troubleshooting failed authentications.
• Perform Linux server system administration in support of the infrastructure vulnerability scanning platform (e.g., scanner hosts), including OS hardening, patching, performance monitoring, log review, certificate management, and troubleshooting.
• Execute and tune non-authenticated scans for external and internal perspectives where applicable, ensuring safe scanning practices and minimal operational impact.
• Maintain scan coverage and accuracy through target management, asset classification, exclusions, and scanner placement considerations.
• Support vulnerability lifecycle activities by validating findings, reducing false positives, and partnering with infrastructure teams to enable effective remediation.
• Develop and maintain operational runbooks and documentation for scan standards, credential onboarding, and troubleshooting procedures.
• Produce recurring reporting and metrics on scan health, coverage, and results quality; support audit and compliance requests as needed.
• Collaborate with teams responsible for CMDB/asset inventory, identity/privileged access, networking, and patching to improve scan efficacy and remediation outcomes.

Requirements

• 5–7 years of cybersecurity experience, with demonstrated experience operating vulnerability scanning programs for infrastructure.
• Hands-on experience with Tenable Vulnerability Management, including scan policy configuration, scanners, targets/assets, and results analysis.
• Strong knowledge of authenticated (credentialed) scanning concepts and common credential types (local/domain accounts, SSH keys, SNMP, etc.).
• Working knowledge of Windows and Linux/Unix administration concepts (services, packages, patching, permissions) to support scan troubleshooting and validation.
• Solid understanding of networking fundamentals (TCP/IP, ports, routing, firewalls, VLANs) and how they affect scan reachability and performance.
• Ability to analyze vulnerability findings, prioritize based on risk/context, and communicate clearly with technical stakeholders.
• Experience tuning Tenable scan policies for performance and accuracy (safe checks, scan windows, throttling, exclusions, and plugin families).
• Familiarity with vulnerability management workflows and integrations (e.g., ServiceNow Vulnerability Response and CMDB/asset inventory alignment).
• Knowledge of network administration and routing protocols (e.g., BGP, OSPF, IS-IS).
• Experience with scripting/automation for scan operations and reporting (Python, PowerShell, Bash).
• Understanding of cloud and hybrid environments and related scanning approaches (e.g., IaaS workloads, segmented networks, and scanner placement).
• Relevant certifications (e.g., CompTIA Security+, Tenable certifications, GIAC, or equivalent).

Tech Stack

• Cloud
• Cyber Security
• Firewalls
• Linux
• Python
• ServiceNow
• TCP/IP
• Unix

Benefits

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected
• Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.