Senior Vulnerability Management Engineer

Remote • Posted 16 hours ago • Updated 16 hours ago
Contract W2
6 Months
No Travel Required
Remote
$55 - $70/hr
Fitment

Dice Job Match Score™

👾 Reticulating splines...

Job Details

Skills

  • Cybersecurity
  • PCI DSS
  • SOX
  • HIPAA
  • Splunk
  • QRadar

Summary

Role: Senior Vulnerability Management Engineer

Location: USA(Remote)

Experience:12+ years

Visa: USC-EAD/H1b 

 

Key Responsibilities

Vulnerability Management & Risk Prioritization

•Own and manage the end to end vulnerability management lifecycle using Rapid7 InsightVM.

•Conduct authenticated vulnerability scanning across on prem, cloud (AWS/Azure), External, and DMZ assets.

•Analyze vulnerabilities using CVSS v3, Rapid7 Real Risk Score, exploitability, and asset criticality.

•Identify and escalate Critical vulnerabilities, including Zero Day and KEV listed exposures.

• Define and enforce Vulnerability Prioritization & SLA models (Critical, High, Medium, Low).

________________________________________

Remediation & Stakeholder Collaboration

•Partner with Infrastructure, Cloud, DevOps, and Application teams to drive timely remediation.

•Create and manage remediation projects within Rapid7.

•Validate fixes through rescans and evidence collection.

•Support risk acceptance workflows, ensuring business justification and governance approvals.

________________________________________

Dashboards, Reporting & Metrics

•Build executive level dashboards and reports showing:

o Total vulnerabilities

o Critical/High trends

o MTTR and SLA compliance

o Risk score reduction

• Provide audit ready reporting for PCI DSS, SOX, HIPAA, ISO 27001, and NIST.

• Track KPIs such as vulnerability aging, repeat findings, and remediation velocity.

________________________________________

Automation & Integration

• Integrate Rapid7 with ServiceNow for automated ticket creation and SLA tracking.

• Use Python, PowerShell, or APIs to automate vulnerability workflows and reporting.

• Embed vulnerability scanning into CI/CD pipelines to support DevSecOps practices.

________________________________________

Cloud & Infrastructure Security

• Assess vulnerabilities in AWS/Azure workloads including compute, networking, IAM, and storage.

• Review cloud misconfigurations and coordinate remediation with cloud teams.

• Ensure proper tagging and asset classification for accurate risk scoring.

________________________________________

Governance & Continuous Improvement

• Maintain vulnerability management policies, standards, and procedures.

• Lead continuous improvement initiatives to reduce false positives and scanning gaps.

• Provide mentoring and technical guidance to junior analysts and engineers.

• Support internal and external security audits.

________________________________________

Required Skills & Qualifications

Technical Skills

•Strong hands on experience with Rapid7 InsightVM / Nexpose

•Deep understanding of CVSS v3, exploit intelligence, and risk based prioritization

•Experience with Zero Day, KEV, and threat intelligence integration

• Cloud security experience in AWS and/or Azure

• Familiarity with SIEM tools (Splunk, QRadar) for correlation and validation

• Automation and scripting skills (Python, PowerShell, APIs)

• Ticketing and workflow integration with ServiceNow / JIRA

________________________________________

Frameworks & Compliance

• NIST CSF / NIST 800 53 / ISO 27001

• PCI DSS, SOX, HIPAA (as applicable)

• Secure SDLC and DevSecOps principles

________________________________________

Soft Skills

• Strong communication and stakeholder management

• Ability to translate vulnerability risk into business impact

• Leadership and mentoring capabilities

• Detail oriented with strong analytical skills

________________________________________

Preferred Certifications

• CISSP / CISM

• CCSK / AWS or Azure Security certifications

• Rapid7 InsightVM experience preferred

________________________________________

Success Measures

• Reduction in Critical and High vulnerabilities

• Improved MTTR and SLA compliance

• Accurate risk prioritization with fewer false positives

• Measurable reduction in organizational risk score

• Positive audit and compliance outcomes

 

Interested candidates can share your resume on saloni (dot) dhawade (at) leanit (dot) com

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 91173945
  • Position Id: 9019232
  • Posted 16 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

It looks like there aren't any Similar Jobs for this job yet.

Search all similar jobs