Vulnerability Management Engineer

As a Vulnerability Management Engineer, your role will involve assessing, tracking, and managing vulnerabilities in cloud and platform environments to ensure the security posture of applications and infrastructure. You will utilize various vulnerability management tools and processes to evaluate vulnerabilities, triage risks, and oversee proper remediation actions. Here are your key responsibilities: - Assess the risk of CVEs in your environment and prioritize them based on risk level. - Triage the entire vulnerability management lifecycle to identify, track, and remediate vulnerabilities in a timely manner. - Manage and oversee Application Security and Vulnerability Management tools such as CSPM, SAST, DAST, Dependency Scans, and Secrets Scans. - Handle platform vulnerability management including Cloud Security Posture Management and Container Workload Protection using tools like Prisma Scanner. - Evaluate change requests for e-commerce systems, assess security implications, and provide security recommendations. - Track feature changes, bug fixes, and release changes to prevent vulnerabilities from being introduced. - Monitor and track CVEs for timely identification, prioritization, and assessment of vulnerabilities. - Identify components and systems impacted by changes and associated vulnerabilities. - Develop security assessment plans to ensure compliance with industry standards and best practices. - Conduct regular vulnerability scans of infrastructure and source code, focusing on Kubernetes containerized apps to identify and prioritize security risks. - Maintain detailed records of vulnerability assessments, findings, remediation actions, and reporting for compliance purposes. Qualifications required for this role include: - Solid understanding of vulnerability management life cycle and risk assessment. - Experience with vulnerability scanning tools and platforms such as Prisma/Wiz. - Familiarity with CSPM, Container Workload Protection, SAST, DAST, and Dependency Scans. - Proven experience in security assessment, vulnerability remediation, and risk management. - Strong knowledge of CVE tracking and vulnerability prioritization techniques. - Knowledge of security best practices and compliance standards. - Excellent documentation, communication, and collaboration skills. - Past experience in operating enterprise-grade security vulnerability management tools is a plus.,