ServiceNow Vulnerability Response Engineer-Public Trust Required
Position Summary
The ServiceNow Vulnerability Response (VR) Engineer is responsible for designing, implementing, and optimizing the Bureau's Enterprise Vulnerability Management Program (VMP) through the ServiceNow Security Operations platform. This role supports the engineering and enhancement of the Vulnerability Response (VR) application, integrating vulnerability data sources, automating remediation workflows, and improving enterprise vulnerability reporting.
Key Responsibilities
Configure, administer, and enhance the ServiceNow Vulnerability Response (VR) application within the ServiceNow Security Operations platform.
Design and implement workflows that improve vulnerability identification, prioritization, assignment, remediation, and reporting.
Develop and maintain integrations between ServiceNow VR and enterprise vulnerability scanning platforms.
Configure business rules, workflows, forms, notifications, dashboards, and reporting to support vulnerability management operations.
Continuously improve platform functionality to increase operational efficiency and automation.
Enterprise Vulnerability Management Support
Support the organization's Enterprise Vulnerability Management Program (VMP) by improving vulnerability lifecycle management.
Integrate vulnerability findings from multiple scanning tools into ServiceNow to provide centralized visibility and workflow management.
Support risk-based vulnerability prioritization based on exploitability, business criticality, asset value, and operational impact.
Collaborate with remediation teams to ensure vulnerabilities are tracked through closure and validated appropriately.
Develop vulnerability reporting metrics and executive dashboards supporting organizational risk management.
Security Operations & GRC Integration
Support integration between ServiceNow Vulnerability Response (VR), Security Incident Response (SIR), Governance, Risk, and Compliance (GRC), CMDB, and other ServiceNow modules.
Cook up coordination with Security Operations, Risk Management, Compliance, and Infrastructure teams to improve operational workflows.
Ensure vulnerability management processes align with enterprise governance and cybersecurity policies.
Aid in documenting vulnerability management procedures and operational processes.
Automation & AI
Implement automation capabilities that improve vulnerability ingestion, enrichment, prioritization, and remediation workflows.
Utilize AI-enabled capabilities to identify high-risk vulnerabilities based on exploitability, threat intelligence, and business impact.
Research emerging automation and AI technologies that improve vulnerability management effectiveness and scalability.
Recommend workflow improvements that reduce manual effort and accelerate remediation activities.
Reporting & Continuous Improvement
Develop executive-level vulnerability reporting, operational dashboards, and compliance metrics.
Monitor program performance and recommend enhancements to vulnerability management processes.
Analyze trends to identify recurring weaknesses and opportunities to improve organizational security posture.
Maintain documentation supporting platform configuration, integrations, workflows, and operational procedures.
Required Qualifications
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field.
5+ years of experience supporting enterprise Vulnerability Management Programs.
Extensive hands-on experience with:
ServiceNow Security Operations
ServiceNow Vulnerability Response (VR)
ServiceNow Security Incident Response (SIR)
ServiceNow Governance, Risk, and Compliance (GRC)
Experience integrating enterprise vulnerability scanners (such as Tenable, Qualys, Rapid7, or Microsoft Defender Vulnerability Management) with ServiceNow.
Strong understanding of vulnerability lifecycle management, remediation workflows, and risk-based prioritization.
Experience configuring ServiceNow workflows, dashboards, reporting, business rules, and automation.
Knowledge of vulnerability scoring methodologies, including CVSS, exploitability metrics, and business impact analysis.
Strong understanding of enterprise cybersecurity operations and vulnerability management best practices.
Excellent analytical, troubleshooting, and communication skills.
Preferred Qualifications
ServiceNow Certified System Administrator (CSA)
ServiceNow Certified Implementation Specialist – Vulnerability Response (CIS-VR)
ServiceNow Certified Implementation Specialist – Security Incident Response (CIS-SIR)
ServiceNow Certified Application Developer (CAD)
CISSP (Certified Information Systems Security Professional)
Experience supporting federal government cybersecurity programs
Familiarity with AI-enabled vulnerability prioritization and automated remediation capabilities
Experience integrating ServiceNow with enterprise CMDB, ITSM, and Security Operations platforms.