Security Engineer - ASM
United States of America
Full Time
2 hours ago
$53 - $60 USD
Visa Sponsor
Key skills
Vulnerability ManagementSecurity EngineeringCloud SecurityApplication SecurityVulnerability Scanning ToolsRemediation WorkflowsCVSS ScoringRisk-Based PrioritizationHealthcare SecuritySecurity CertificationsAsset DiscoveryCloud Security Posture ManagementConfiguration HardeningSecure Development LifecycleMedical Device SecurityIoT Device Security
About this role
Opusing LLC is a staffing agency seeking an Attack Surface Management (ASM) Security Engineer to reduce enterprise risk by discovering assets and identifying vulnerabilities. The role involves managing vulnerabilities across various infrastructures including cloud, applications, and IoT devices, while aligning with healthcare security best practices.
Responsibilities:
- Operate continuous asset discovery and vulnerability scanning capabilities
- Validate, prioritize, and track remediation of vulnerabilities and misconfigurations
- Support cloud security posture management and configuration hardening
- Assist with secure development lifecycle (SDL) activities and application risk findings
- Coordinate medical and IoT device vulnerability remediation and compensating controls
- Produce metrics, dashboards, and reports to support KPIs and KRIs
- Responsible for coordinating the remediation of non-active medical device vulnerabilities
- Consulted during major incidents to identify root causes and remediation guidance
Requirements:
- Associate's degree - Computer Science or a related field OR the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position
- 5–7+ years in vulnerability management, security engineering, or cloud/app security
- Experience with vulnerability scanning tools and remediation workflows
- Strong understanding of CVSS scoring and risk-based prioritization
- Healthcare environment experience is a plus but not required
- Security certifications such as Security+, SSCP, or cloud security certifications