Vulnerability Management Expert (NV812FCT RM 3509)

• Perform detailed SBOM scans using industry-standard tools such as Timesys Vigiles, CycloneDX, or SPDX.
• Conduct context-driven vulnerability assessments by:
• Analyzing platform-specific configurations, services, libraries, and deployment models.
• Mapping identified CVEs to real-world runtime behaviors and product usage patterns.
• Filtering false positives and identifying high-impact vulnerabilities.
• Evaluate and document the security posture of each product, focusing on:
• Existing security controls (e.g., secure boot, encryption, system hardening).
• Platform architecture and integration points.
• OS-level configurations across Linux and Windows environments.
• Adjust CVE scores based on CVSS standards and provide technical justifications for product-specific impact.
• Generate detailed vulnerability reports, incorporating feedback from stakeholders
• Participate in remediation planning, follow-up scans, and re-evaluations after updates or patching.
• Collaborate with platform SMEs, product engineers, and program managers to align on resolution strategies.
• Adhere to our Vulnerability Management Process and ensure all documentation meets FDA, IEC 62304, and other regulatory compliance requirements.

Required Skills & Qualifications:

• 8-12 years of experience in embedded systems, Linux/Windows platforms, or product cybersecurity.
• Strong expertise in:
• SBOM analysis and CVE triaging.
• CVSS scoring methodologies and vulnerability relevance assessment.
• Hands-on proficiency with tools such as Timesys Vigiles, SPDX, CycloneDX.
• In-depth understanding of system configurations, libraries, services, and post-deployment vulnerability reviews.
• Familiarity with secure development lifecycle (SDL) practices and system hardening techniques.
• Excellent analytical, documentation, and communication skills for cross-functional collaboration