A well-established wealth management firm is seeking a Vulnerability Management Engineer to join its cybersecurity team. In this role, you will own the end-to-end vulnerability management program with a strong emphasis on hands-on endpoint patching and system hardening across a Windows-dominant enterprise environment. You will lead remediation efforts, drive patch compliance, and collaborate with infrastructure and IT operations teams to reduce the organization's attack surface.
This position is ideal for someone who thrives in a technical, execution-focused role and takes pride in getting vulnerabilities closed - not just tracked. You will work closely with IT, cloud, and business stakeholders to ensure timely remediation while maintaining the stability of critical financial systems. The ideal candidate combines deep Windows patching expertise with a solid understanding of vulnerability prioritization and risk-based decision-making.
The organization is committed to fostering a diverse and inclusive workplace where all employees are treated equitably and with respect.
Required Skills & Experience
3+ years of experience in vulnerability management, endpoint security, or a related IT/information security role
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related discipline (or equivalent experience)
Hands-on experience with patch management platforms in a Windows environment (e.g., WSUS, SCCM/MECM, Intune, or equivalent)
Proficiency with vulnerability scanning tools such as Tenable Nessus, Qualys, or Rapid7 InsightVM
Strong understanding of Windows OS hardening standards and CIS Benchmarks
Ability to prioritize and communicate risk-based remediation recommendations to both technical teams and leadership
Experience coordinating remediation activities across infrastructure, desktop engineering, and application teams
Strong written and verbal communication skills across technical and non-technical audiences
Self-directed and organized, with the ability to manage competing priorities in a fast-paced environment
Strong analytical and problem-solving skills with a continuous improvement mindset
Desired Skills & Experience
Experience supporting patching and hardening in a regulated financial services or wealth management environment
Familiarity with STIG compliance and Group Policy (GPO) for Windows endpoint configuration
Exposure to Active Directory security hardening and privileged account hygiene
Experience working with ticketing and workflow platforms (e.g., ServiceNow, Jira) for remediation tracking
Knowledge of cloud vulnerability management (Azure or M365 environments)
Understanding of CVSS scoring, exploit intelligence feeds, and risk-based patch prioritization frameworks
Relevant certifications such as CompTIA Security+, CySA+, GCWN, or similar
What You Will Be Doing
Owning the full vulnerability management lifecycle - from scan and discovery through prioritization, remediation coordination, and validation
Executing and coordinating endpoint patching across the Windows fleet, including workstations and servers, using enterprise patch management tooling
Applying and maintaining system hardening configurations in line with CIS Benchmarks, STIGs, and internal security baselines
Analyzing scan results and translating findings into clear, actionable remediation guidance tailored to asset criticality and business risk
Partnering with IT operations, desktop engineering, and server teams to plan and execute patch deployments with minimal disruption
Tracking and reporting on patch compliance, SLA adherence, and remediation progress for leadership and audit audiences
Identifying hardening gaps across the Windows environment and driving improvement projects to close them
Supporting exception management processes, including risk acceptance documentation and compensating control review
Contributing to policy and procedure development around patch management and endpoint configuration standards
Participating in security operations activities such as vulnerability-related incident response and threat intelligence correlation
Tech Breakdown
45% Vulnerability Scanning, Analysis & Remediation Coordination
30% Endpoint Patching & Windows Hardening
15% Reporting, Metrics & Compliance
10% Security Operations Support & Process Improvement
Daily Responsibilities
35% Executing and tracking patch deployments and hardening tasks across endpoint and server infrastructure
25% Reviewing scan results, prioritizing findings, and coordinating remediation with IT teams
20% Producing compliance reports and remediation dashboards for leadership and audit stakeholders
10% Managing exceptions, documenting risk acceptances, and updating hardening baselines
10% Contributing to process improvements, runbooks, and team collaboration
The Offer
You will receive the following benefits:
Competitive salary commensurate with experience
Medical, dental, and vision insurance
401(k) with company match
Paid time off and company holidays
Remote-first work environment with flexibility
Opportunities for professional development and certification support
Exposure to enterprise security tooling in a complex financial services environment
Collaborative, mission-driven team culture
Applicants must be currently authorized to work in the US on a full-time basis now and in the future.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 10105282
- Position Id: 879560
- Posted 7 days ago
Never miss an opportunity! Create an alert based on the job you applied for.
