Senior Vulnerability Management Engineer

SENIOR VULNERABILITY MANAGEMENT ENGINEER

NO 3RD PARTIES HERE PLEASE

Information Security

Irving, TX - Hybrid (Monday, Wednesday, Thursday on-site | Tuesday, Friday remote)

Contract Position (through May 2026)

JOB DESCRIPTION

We are seeking an experienced Senior Vulnerability Management Engineer to support and strengthen our client's enterprise vulnerability management program and overall security posture. In this critical role, you will be responsible for configuring vulnerability management platforms and leading the identification, assessment, prioritization, and coordination of security vulnerability remediation across complex IT environments spanning cloud, on-premises, and hybrid infrastructures.

Your day-to-day will involve working hands-on with industry-leading security platforms such as Nucleus Security, Rapid7 InsightVM, Microsoft Defender for Endpoint, ServiceNow, and BitSight to proactively identify and manage security risks. You'll translate complex technicalf vulnerabilities into clear, actionable reports for executive leadership, helping them understand business impacts and make informed risk decisions. This position offers the opportunity to directly impact the organization's security posture by collaborating with cross-functional teams including IT operations, cloud engineering, application development, and incident response to effectively reduce risk exposure across the enterprise.

The ideal candidate is passionate about cybersecurity, stays current with emerging threats and technologies, and thrives in a collaborative environment where they can leverage both technical expertise and strong communication skills. You'll report to the security leadership team while partnering closely with stakeholders at all levels of the organization. This role is perfect for a security professional who enjoys problem-solving, process improvement, and making a tangible difference in protecting enterprise assets.

DUTIES AND RESPONSIBILITIES

• Configure, maintain, and optimize vulnerability management platforms including Nucleus Security, Rapid7 InsightVM, Microsoft Defender for Endpoint, ServiceNow, and BitSight to ensure comprehensive vulnerability coverage
• Identify, assess, and prioritize security vulnerabilities across enterprise infrastructure including cloud platforms (AWS, Azure, GCP), on-premises systems, and hybrid environments
• Coordinate vulnerability remediation efforts with IT operations, system administrators, and development teams to ensure timely resolution of security risks
• Prepare and deliver executive-level reports that translate technical security findings into business risks and actionable recommendations for senior leadership
• Design, implement, and continuously improve automated workflows for vulnerability tracking, reporting, and remediation processes
• Monitor and analyze vulnerability data to identify trends, measure remediation effectiveness, and drive data-driven security decisions and process improvements
• Ensure compliance with regulatory frameworks and industry standards by implementing appropriate security controls and maintaining audit-ready documentation
• Actively participate in security incident response activities during exploitation events, working closely with threat intelligence teams
• Collaborate with threat intelligence teams to monitor emerging vulnerabilities and threats, ensuring proactive risk management
• Facilitate training and security awareness initiatives to help teams understand vulnerability management best practices
• Manage tool migrations, integrations, and security platform enhancements to continuously improve program effectiveness

REQUIRED EXPERIENCE/SKILLS

• Minimum five years of hands-on experience managing vulnerabilities within complex IT environments (cloud, on-premises, hybrid architectures)
• Advanced expertise with leading vulnerability management and security platforms such as Nucleus Security, Rapid7 InsightVM, Microsoft Defender for Endpoint, ServiceNow, BitSight, or equivalent solutions
• Comprehensive knowledge of operating systems including Windows, Linux, and Unix environments
• Strong understanding of networking protocols, cloud platforms (AWS, Azure, GCP), and cloud security best practices
• Familiarity with web application vulnerabilities (OWASP Top 10) and application security testing methodologies
• Proven ability to prepare and deliver clear, actionable reports for executive audiences and translate technical findings into business impacts
• Strong understanding of regulatory frameworks and compliance requirements with demonstrated experience implementing security controls
• Demonstrated skill in designing, optimizing, and implementing automated workflows for security operations
• Exceptional analytical thinking and attention to detail with a track record of leveraging data analysis to drive security improvements
• Experience actively participating in incident response activities and coordinating with security operations teams
• Excellent verbal and written communication skills with ability to engage stakeholders at all organizational levels
• Creative problem-solving approach to addressing complex security challenges with precise identification and documentation of vulnerabilities
• Commitment to continuous learning and staying current with evolving threat landscapes and security technologies

NICE-TO-HAVES

• Industry certifications such as CompTIA Security+, CISSP, CISM, CEH, or equivalent credentials
• Experience managing complex security projects including tool migrations, platform integrations, and large-scale process enhancements
• Proficiency with Regex (Regular Expressions) for building automation rules, data parsing, and workflow customization within vulnerability management platforms
• Basic understanding of SQL for querying, analyzing, and manipulating data for reporting and automation purposes
• Familiarity with the Purdue Enterprise Reference Architecture (PERA) or Purdue Model for Industrial Control System (ICS) network segmentation and security
• Experience with cloud security architecture and emerging cloud-based threats
• Background in DevSecOps practices and integrating security into development pipelines
• Familiarity with security orchestration, automation, and response (SOAR) platforms

EDUCATION

Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Technology, or related field, OR equivalent professional experience in information security. Strong emphasis on relevant professional certifications and continuous education to demonstrate commitment to the cybersecurity field.