Vulnerability Management Engineer

• 
  

  Operate and manage vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) to detect and report on known vulnerabilities.



• 
  

  Analyze scan results, assess severity levels, and work with teams to validate findings.



• 
  

  Maintain and optimize the scanning cadence across endpoints, servers, and cloud resources.

• 
  

  Coordinate with endpoint and server teams to schedule and deploy patches using Intune, SCCM, WSUS, and other configuration tools.



• 
  

  Collaborate with application owners to test and validate security patches prior to deployment.



• 
  

  Track and report remediation status and exceptions for compliance audits.

• 
  

  Enforce security baselines on Windows 11, macOS, iOS, and Android devices using Microsoft Intune or JAMF.



• 
  

  Support implementation of BitLocker, FileVault, Microsoft Defender policies, and vulnerability mitigation configurations.



• 
  

  Assist in Zero Trust enforcement, ensuring only compliant, secured devices are granted access.

• 
  

  Produce regular reports on vulnerability metrics, remediation status, and compliance posture.



• 
  

  Support security audits by providing evidence of patching and remediation activity.



• 
  

  Align vulnerability management practices with frameworks like ISO 27001, NIST 800-53, CIS Benchmarks, SOC 2, and GDPR.

• 
  

  Collaborate with SOC and IR teams to contain and remediate vulnerabilities exploited in real-time attacks.



• 
  

  Perform root cause analysis (RCA) of recurring vulnerabilities or failed remediations.



• 
  

  Assist in post-incident remediation and risk reduction initiatives.

• 
  

  Develop and maintain scripts (PowerShell, Python, Bash) for vulnerability detection and remediation tasks.



• 
  

  Integrate vulnerability management tools with SIEM (e.g., Sentinel, Splunk) and ITSM platforms (e.g., ServiceNow) for end-to-end visibility and workflow automation.

• 
  

  2+ years (Engineer) or 4+ years (Senior Engineer) of experience in vulnerability management, endpoint security, or IT operations.



• 
  

  Working knowledge of vulnerability scanning tools such as Qualys, Tenable, Rapid7, or similar.



• 
  

  Hands-on experience with Microsoft Intune, SCCM, or other endpoint configuration/patching tools.



• 
  

  Strong knowledge of patch lifecycle management and OS/application security hardening techniques.



• 
  

  Experience with PowerShell or Python scripting for automation and reporting.



• 
  

  Understanding of compliance and security frameworks such as ISO 27001, NIST, CIS, SOC 2.

Certifications:

• 
  

  CompTIA Security+, CySA+, or CEH



• 
  

  Microsoft Certified: Security Operations Analyst Associate (SC-200)



• 
  

  Microsoft Certified: Endpoint Administrator Associate (MD-102)

Additional Skills:

• 
  

  Familiarity with EDR/XDR platforms (e.g., Microsoft Defender for Endpoint, CrowdStrike).



• 
  

  Exposure to Zero Trust Architecture, Conditional Access, and RBAC enforcement.

• 
  

  Bachelor s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent work experience).