Expert Vulnerability & Baseline Hardening Engineer

Job Taxonomy:

Cyber Risk Management Engineer

Job Title:

Expert Vulnerability & Baseline Hardening Engineer

Job Category:

Job Description:

Job Description: Expert Vulnerability & Baseline Hardening Engineer
The Expert Vulnerability & Baseline Hardening Engineer will support the Secure Technology Solutions Sustainability (STS) service by operating core vulnerability scanning platforms and implementing the enterprise hardening baseline and CSPM (Cloud Security Posture Management) architecture. This role is divided approximately 50/50 between (1) administering and optimizing existing scanning solutions, and (2) deploying baseline-hardening and CSPM tooling and processes across the enterprise.

Key Responsibilities

Vulnerability Scanning Operations

• Maintain and operate enterprise vulnerability scanning platforms, with an emphasis on network-based scanning tools such as Rapid7 Nexpose/InsightVM and Qualys VM.
• Support automation across on-prem and SaaS scanning tools (e.g., Rapid7, Qualys, Nucleus), including integration into workflow platforms such as Jira/Ivanti and credential stores such as CyberArk/Azure Key Vault.
• Ensure stability, coverage completeness, and accurate configuration of all vulnerability scanning solutions, including authenticated scanning of network appliances.
• Analyze improvement opportunities and implement platform enhancements in partnership with STS engineers and vendors (e.g., improved coverage, tuning, reporting, and configuration updates).
• Document operational procedures, automation workflows, configuration standards, and changes to scanning coverage or performance.

Hardening Baseline & CSPM Architecture Implementation

• Deploy and operationalize tools supporting hardening baseline scanning and CSPM, including Qualys Policy Compliance, Rapid7 Policy/Benchmark Scanning, Microsoft Defender for Cloud, Aqua, and CrowdStrike.
• Build and maintain hardening baseline and CSPM scan templates; ensure comprehensive asset onboarding and subscription to all required scans.
• Operate the recurring compliance and posture-management cycle: generate reports, distribute findings to stakeholders, support prioritization, and provide remediation assistance or consultation.
• Establish and maintain documentation for scanning standards, operational workflows, asset onboarding procedures, reporting processes, and remediation guidance.

Stakeholder Support & Ticket Management

• Respond to vulnerability-related inquiries and tickets using established STS processes and service workflows.
• Assist stakeholders in interpreting scan results, identifying false positives, and resolving configuration or remediation challenges.

Skills/Experience:

Minimum Qualifications

2+ w/Bachelors degree

Additional Experience

7+ year of experience in information security solution implementation or security service delivery.

Knowledge, Skills, Abilities

• Experience with vulnerability scanning platforms (Rapid7, Qualys, Aqua, or similar).
• Experience implementing compliance, configuration baseline, or CSPM solutions.
• Experience with designing and implementing automation for repetitive processes and workflows.
• Familiarity with cloud environments and CSPM technologies (e.g., Microsoft Defender for Cloud).
• Strong documentation skills and ability to operationalize repeatable processes.
• Ability to collaborate with engineers, application teams, and vendors to drive improvements.