Jobs · Engineering · Florida

Vulnerability Management & Response Engineer

Starr · Destin, FL · 2 wk ago
EngineeringFull-time

Key Responsibilities

  • Own day-to-day operations of the Tenable platform (e.g., scan configuration, scheduling, coverage monitoring, credentials management, and results troubleshooting).
  • Lead triage, assignment, and validation of vulnerability remediation tasks across infrastructure and application stakeholders.
  • Define, maintain, and enforce SLA-based remediation, including escalation and executive reporting for SLA drift.
  • Integrate Tenable findings and remediation workflows with SCCM, Intune, SOAR, SIEM, and ticketing systems to enable automated assignment, tracking, and validation.
  • Conduct quarterly reconciliation of Tenable scanner output with CMDB and asset inventories to validate coverage, ownership, and data quality.
  • Maintain an auditable exception register with documented risk acceptance, compensating controls, approvals, and expiration controls.
  • Produce VM program metrics and reporting (weekly, monthly, quarterly, and annually), including risk trends, SLA performance, and remediation outcomes.
  • Run a recurring VM governance cadence (e.g., quarterly working sessions) to review SLA drift, backlog health, scanner coverage, and tool-to-tool integrations.
  • Support internal audit and regulatory review of the Vulnerability Management program by providing evidence, metrics, and control narratives.

Required Qualifications

  • 5+ years of hands-on experience running an enterprise Vulnerability Management program (process, governance, metrics, and remediation outcomes), not just point-in-time scanning.
  • Hands-on experience with Tenable, including scan configuration, credentialed scanning, reporting, and troubleshooting.
  • Deep understanding of vulnerability scoring systems (CVSS), threat intelligence correlation, and risk-based prioritization to drive remediation sequencing.
  • Experience leading or contributing to patching strategies using SCCM, Intune, or similar tools.
  • Strong documentation and process improvement skills.
  • Proven ability to collaborate across technical and non-technical teams.

Preferred Qualifications

  • Experience integrating VM tools with SOAR, SIEM, or ticketing platforms like Remedyforce or ServiceNow.
  • Knowledge of container security, cloud-native security controls (Azure, AWS, GCP), and API-based vulnerability exposure.
  • Exposure to CMDB reconciliation and asset discovery in dynamic environments.
  • Experience presenting technical risk summaries to executive or audit stakeholders.

Similar jobs