Zoom Communications is a company that focuses on building a collaboration platform for enterprises. They are seeking a Senior Security Vulnerability Management Engineer to operate and mature their vulnerability management program, ensuring security policies are effectively implemented across the organization.
Responsibilities:
- Conducting vulnerability scans across systems, networks, endpoints, and applications
- Validating, prioritizing, and driving remediation of identified vulnerabilities
- Partnering with engineering and IT teams to track and improve patching cadence
- Owning vulnerability reporting, including tracking remediation status and risk exposure
- Maintaining and optimizing vulnerability scanning tools and schedules
- Integrating vulnerability management tools with SIEM platforms
- Developing dashboards and metrics to provide visibility into security posture for leadership
- Creating and improving tools, documentation, processes, and techniques to support vulnerability remediation
- Leading and coordinating stakeholder meetings to review findings and remediation plans
Requirements:
- Hold a B.S. or M.S. in Computer Science, Information Security, Engineering, or a related field
- Have experience working with CI/CD pipelines, containerized environments, and building, testing, and deployment in an IL4 environment
- Demonstrate understanding of FedRAMP CVE guidelines, remediation timelines, and vulnerability frameworks such as CVE and CVSS
- Bring 5+ years of experience in Information Security, including 4+ years in Vulnerability Management, and 5+ years in DevOps
- Able to perform vulnerability scanning using tools such as Tenable Nessus, Prisma Cloud, Burp Suite, and similar platforms (e.g., Qualys, Tenable)
- Demonstrate proficiency in scripting (Python, Bash, PowerShell, or similar) to automate remediation and reporting tasks
- Able to apply experience in Infrastructure Security, including OS hardening, and good knowledge of network technologies and protocols
- Utilize experience in application, network, and system security, including intrusion analysis, malware, antivirus, host-based and network forensics, and tools such as JIRA, Confluence, and ServiceNow