Vulnerability Management Specialist
Core Specialty Insurance Holdings, Inc. · Cincinnati, OH · 3 wk ago
HybridOTHRFull-time
Key Accountabilities/Deliverables
- Coverage of continuous vulnerability scanning across enterprise assets using Qualys and related tools.
- Analyze scan results to validate findings, remove false positives, and assess exploitability.
- Prioritize vulnerabilities using CVSS, Qualys Detection Score (QDS), asset criticality, and business impact.
- Enforce remediation SLAs aligned to severity levels: Critical: 7 days, High: 30 days, Medium: 60 days, Low: 180 days.
- Partner with Infrastructure, EUC, Cloud, and Application teams to drive timely remediation.
- Support remediation activities using Qualys, Intune, JAMF, PolicyPak, and Microsoft Defender.
- Ensure vulnerability management activities aligned with NIST, CIS Controls, ISO 27001, and insurance regulatory expectations.
- Partner with Threat Intelligence and SOC teams to assess vulnerability exposure related to active threats.
- Develop scripts (PowerShell) and workflows to support remediation, reporting, and validation.
Technical Knowledge and Understanding
- Strong understanding of: CVSS scoring and risk prioritization, patch management and remediation workflows, endpoint, server, and cloud security fundamentals.
- Ability to analyze technical findings and communicate risk clearly to non-security teams.
- Strong documentation and organizational skills.
Experience Required
- 4+ years of experience in vulnerability management, security engineering, or threat operations.
- Hands-on experience with vulnerability scanning platforms (Qualys preferred; Tenable/Rapid7 acceptable).
- Experience working with Intune, JAMF, or similar endpoint management tools.
Technical Certifications (Preferred)
- CompTIA Security+
- Qualys Vulnerability Management certifications
- GICSP certifications (e.g., GSEC, GCIH)
- CISSP (or progress toward certification)