Senior Security Vulnerability Engineer
United States of America
Full Time
4 hours ago
Visa Sponsor
Key skills
Vulnerability ManagementWizTenableQualysRapid7VulcanKennaCVSSPatch ManagementRisk-based PrioritizationWindowsLinuxmacOSAWSAzureGCPCSPMCNAPPPrisma CloudOrcaAIKubernetesDockerServerlessPrismaServiceNowSaaSJiraLeadershipRisk ManagementCommunicationCloud Security
About this role
AspenView Technology Partners is dedicated to transforming how organizations utilize technology, focusing on building high-performing IT teams for North American clients. They are seeking a Senior Security Vulnerability Engineer to lead and enhance a scalable vulnerability management program, collaborating across teams to ensure effective identification and remediation of vulnerabilities.
Responsibilities:
- Own and advance the enterprise vulnerability management lifecycle — scanning, triage, risk scoring, remediation tracking, validation, and continuous improvement
- Leverage AI systems to automate patches and configuration changes, driving toward near real-time exploit resolution
- Optimize the vulnerability management platform for accurate, automated, and scalable coverage across infrastructure, applications, and cloud environments
- Develop executive-level metrics and reporting to drive accountability and communicate vulnerability posture to leadership
- Apply a risk-based prioritization model using CVSS, system criticality, threat intelligence, and compensating controls to determine remediation urgency
- Partner cross-functionally with Red Team, IT, Engineering, SRE, and Compliance to identify and mitigate risks tied to end-of-life systems and cloud-native vulnerabilities
- Manage scanning exemptions and vulnerability exceptions through their full lifecycle, including documentation, justification, and remediation tracking
- Drive visibility and remediation of cloud misconfigurations, exposed services, and over-permissioned identities across the organization
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field — or equivalent practical experience
- 8+ years in cybersecurity, with at least 3 years focused on vulnerability management or risk management in a SaaS environment
- Hands-on expertise with vulnerability management platforms such as Wiz, Tenable, Qualys, Rapid7, Vulcan, or Kenna
- Strong command of CVSS, patch management, remediation SLA management, and risk-based prioritization
- Solid understanding of operating systems (Windows, Linux, macOS), networking, and major cloud platforms (AWS, Azure, GCP)
- Experience with CSPM/CNAPP platforms such as Wiz, Prisma Cloud, or Orca
- Excellent analytical and communication skills with a track record of influencing stakeholders at all levels
- Experience with container security and cloud-native environments (Docker, Kubernetes, serverless)
- Knowledge of security frameworks such as NIST CSF, PCI DSS, SOC 2, or ISO 27001
- Experience automating remediation workflows or integrating vulnerability data into Jira or ServiceNow
- Relevant certifications: CISSP, CISM, OSCP, GIAC/GVMS, or cloud security certifications