Expert Vulnerability & Baseline Hardening Engineer

Title: Expert Vulnerability & Baseline Hardening Engineer

Location: Oakland, CA (Remote considered)
Duration: 12 Months

Job Summary

The Expert Vulnerability & Baseline Hardening Engineer will manage enterprise vulnerability scanning tools and implement security hardening baselines and CSPM solutions. The role is split 50% between vulnerability scanning operations and 50% baseline hardening & cloud security posture management.

Key Responsibilities

Vulnerability Scanning Operations

• Manage and operate vulnerability scanning tools like Rapid7 Nexpose/InsightVM and Qualys VM
• Ensure proper scan coverage, stability, and authenticated scanning
• Automate scanning workflows and integrate with tools like Jira/Ivanti and CyberArk/Azure Key Vault
• Improve scanning performance, reporting, and configuration
• Document procedures, configurations, and operational workflows

Baseline Hardening & CSPM

• Deploy and manage baseline hardening and CSPM tools such as:
• Qualys Policy Compliance
• Rapid7 Policy/Benchmark Scanning
• Microsoft Defender for Cloud
• Aqua, CrowdStrike
• Build and maintain scan templates and onboard enterprise assets
• Run compliance and posture reports and support remediation
• Maintain documentation for standards, processes, and remediation guidance

Stakeholder Support

• Respond to vulnerability-related tickets and inquiries
• Help teams understand scan results and resolve false positives
• Provide remediation guidance and security consultation

Required Skills & Experience

• 7+ years of experience in information security or security service delivery
• Hands-on experience with Rapid7, Qualys, Aqua, or similar tools
• Experience with hardening baselines, compliance scanning, or CSPM
• Strong automation and workflow design experience
• Cloud security experience (Microsoft Defender for Cloud preferred)
• Strong documentation and collaboration skills

Education

• Bachelor s degree with 2+ years experience (or equivalent)