Operate and optimize enterprise vulnerability assessment platforms and AppSec integrations to identify, validate, and prioritize security findings across infrastructure and applications
Perform technical exploitability analysis and business-impact assessments
Translate findings into prioritized, operationally feasible remediation actions for engineering, Information Technology (IT), and operations teams
Contribute to development and operationalization of assessment playbooks, scanning standards, AppSec scanning pipelines (Static Application Security Testing/Software Composition Analysis/Dynamic Application Security Testing (SAST/SCA/DAST), reporting, and automation to improve detection fidelity and remediation velocity
Execute enterprise processes for scheduled and emergent vulnerability assessments, including infrastructure and application discovery, authenticated scanning, and targeted assessments
Configure, tune, and maintain vulnerability scanning platforms and AppSec integrations (e.g., Rapid7, Tenable, Qualys, Snyk, Veracode), manage credentials, scopes, schedules, and scan policies
Investigate findings to distinguish true positives from false positives and to identify environmental/configuration constraints, including container, cloud, and legacy systems
Correlate vulnerability scanner output with threat intelligence, application findings (SAST/DAST/SCA), and asset criticality to produce contextualized risk ratings and remediation priorities
Assess exploitability, potential for lateral movement, and operational impact for infrastructure, middleware, and application vulnerabilities
Create remediation plans and work with system owners, application teams, and subsidiary stakeholders to coordinate fixes, compensating controls, and risk-accepted outcomes
Track remediation burndown, Service Level Agreements (SLAs), and closure
Escalate high-risk items and produce executive and technical reports tailored to stakeholder audiences
Collaborate with VASM, AppSec, DevSecOps, engineering, and IT teams to operationalize new scanning capabilities, integrate AppSec pipelines, and reduce noise through tuning and automation
Contribute to continuous improvement
Drive automation of ingestion/correlation pipelines, standardize playbooks and runbooks, and deliver training to remediation owners and subsidiary teams
Requirements
5+ years of experience with vulnerability scanning concepts and best practices
5+ years of experience with Linux and/or Windows Security
5+ years of experience troubleshooting foundational networking issues (TCP/IP, DNS, routing, firewalls)
5+ years of experience analyzing vulnerability findings, triaging true vs false positives, and identifying environmental limitations or compensating controls
5+ years of experience managing scan configurations, credentials, schedules, and assessment scope within large or distributed environments