Sr Engineer - Information Security

We have a current opportunity for a Senior Vulnerability Engineer - Information Security on a contract basis. The position will be based onsite in Irving, Texas three days a week. (Monday, Wednesday and Thursday onsite Tuesday and Friday Remote.

For further information about this position please apply.

Responsibilities:

Position Overview

We are seeking an experienced Senior Vulnerability Management Engineer to support the organization's vulnerability management program and strengthen our overall security posture. The successful candidate will be responsible for configuring the platforms and identifying, assessing, prioritizing and coordinating the remediation of security vulnerabilities across our enterprise infrastructure. Expertise with vulnerability management platforms - such as Nucleus Security, Rapid7 InsightVM, Microsoft Defender, SentinelOne, ServiceNow, BitSight, or similar solutions is essential. This role requires collaboration with cross-functional teams to effectively reduce risk exposure.

Qualifications:

Core Qualifications

• Vulnerability Management Experience: Minimum of five years' experience managing vulnerabilities within complex IT environments (cloud, on-premises, hybrid). Comprehensive knowledge of operating systems (Windows, Linux, Unix), networking protocols, cloud platforms (AWS, Azure, Google Cloud Platform). Familiarity with web application vulnerabilities (OWASP Top 10) and application security testing.


• Proficiency with Security Tools: Advanced expertise in leading vulnerability management and security platforms, such as Nucleus Security, Rapid7 InsightVM, Microsoft Defender for Endpoint, ServiceNow, BitSight, or equivalent.


• Executive Reporting: Ability to prepare and deliver clear, actionable reports for executive audiences, translating technical findings into business risks and impacts.


• Compliance & Risk Management: Strong understanding of regulatory frameworks and experience implementing controls to meet compliance requirements.


• Process Improvement & Automation: Demonstrated skill in designing, optimizing, and implementing automated workflows for vulnerability tracking, reporting, and remediation.


• Analytical Thinking: Exceptional attention to detail, with a track record of leveraging data analysis to drive security decisions and process improvements.


• Communication & Collaboration: Excellent verbal and written communication skills; ability to engage stakeholders at all levels and facilitate training or awareness initiatives as needed.

Preferred Skills:

• Cloud Security Expertise: Familiarity with cloud security best practices and emerging threats.


• Project Management: Experience managing complex security projects, including tool migrations, integrations, and process enhancements.


• Certifications: Relevant industry certifications (e.g., CompTIA Security+, CISSP, CISM, or equivalent) are desirable.


• Regex (Regular Expressions): Experience using Regex for building automation rules, data parsing, and workflow customization within vulnerability management platforms.


• SQL: Basic understanding of SQL for querying, analyzing, and manipulating data as part of reporting or automation tasks.


• Purdue Network Model: Familiarity with the Purdue Enterprise Reference Architecture (PERA) or Purdue Model for Industrial Control System (ICS) network segmentation and security.

• Problem-Solving: Creative approach to addressing complex security challenges.


• Attention to Detail: Precise identification and documentation of security vulnerabilities.


• Security Operations: Active participation in incident response activities during exploitation events and coordination with threat intelligence teams to monitor emerging vulnerabilities and threats.


• Continuous Learning: Commitment to staying current with evolving threat landscapes and security technologies.