Job Title: Vulnerability Engineer
Location: Erie, PA (Onsite from Day 1)
Contract Duration: 12+ Months
Experience: 12+ Years
Interview Mode: Virtual
Job Summary:
We are seeking a highly experienced Vulnerability Engineer to lead vulnerability management efforts, identify security risks, and ensure the organization's systems remain secure. This role involves conducting advanced vulnerability assessments, analyzing results, prioritizing remediation, collaborating with system owners, and aligning with organizational security policies and compliance requirements.
Key Responsibilities:
-
Lead and perform vulnerability scans using tools such as Nessus, Qualys, and OpenVAS.
-
Analyze and interpret scan results to identify critical risks and recommend remediation strategies.
-
Oversee the end-to-end vulnerability management process, ensuring accurate documentation and reporting.
-
Work closely with IT, DevOps, and application teams to implement security patches and fixes efficiently.
-
Monitor threat intelligence feeds and assess potential impacts on the organization's systems and infrastructure.
-
Develop and maintain dashboards and executive reports for stakeholders highlighting risk posture and remediation progress.
-
Ensure compliance with industry security standards and regulations, and participate in incident response activities when required.
-
Mentor junior security engineers and contribute to the continuous improvement of security processes.
Required Skills & Experience:
-
Bachelor's degree in Computer Science, Information Security, or a related field.
-
12+ years of experience in vulnerability management, cybersecurity, or related disciplines.
-
Extensive experience with vulnerability scanning tools, SIEM solutions, and risk assessment methodologies.
-
Deep knowledge of operating systems (Windows, Linux), networking, and cloud platforms (AWS, Azure, etc.).
-
Strong problem-solving skills and ability to prioritize remediation efforts effectively.
Preferred Qualifications:
-
Advanced security certifications such as CEH, CISSP, OSCP, or equivalent.
-
Experience with automation and scripting for vulnerability remediation.
-
Knowledge of container security, DevSecOps practices, and modern security frameworks.
-
Proven ability to work with cross-functional teams and influence security best practices across the organization.