Role Overview

We are looking for a Senior Engineer who views Vulnerability Management as a risk-reduction craft, not a compliance checkbox. While you will be involved in high-level security operations, your primary focus is to evolve our Threat & Vulnerability Management (TVM) program from "running scans" to "driving impactful remediation of real risk."

This isn't a role for someone who just forwards PDF reports. We need a technical leader who can cut through the noise of thousands of alerts, translate CVSS scores into actual business risk, and work as a peer with our Engineering and IT teams to get things fixed. You’ll be the bridge between technical telemetry and executive-level risk decisions.

Key Responsibilities

• Risk-Based Vulnerability Management: Own the full lifecycle of vulnerability discovery and remediation. You’ll move beyond "Critical/High" labels to prioritize based on reachability, exploitability-in-the-wild (EPSS/KEV), and the specific context of our environment.
• Stakeholder Diplomacy: Act as the primary technical point of contact for Engineering and DevOps. You’ll be responsible for explaining the "why" behind a fix, helping teams navigate technical debt, and negotiating remediation timelines that balance security with product velocity.
• Threat Hunting & Intel: Use MITRE ATT&CK® to pivot from vulnerability data to proactive hunting. If a new Zero-Day drops, you’re the one identifying our exposure surface and drafting the "what this means for us" brief within hours.
• Detection & Automation: We don't want you doing the same manual task twice. You’ll build and tune detection logic and design SOAR playbooks to automate ticket routing, asset tagging, and evidence collection.
• Incident Leadership: Act as a Tier 3 escalation point and Incident Commander for major security events. You’ll lead the "deep dive" after an incident to ensure the root cause is addressed in the TVM roadmap.
• Strategic Reporting: Stop reporting on "number of vulnerabilities" and start reporting on "risk reduction over time." You’ll develop KPIs that actually matter to executive leadership, such as Mean Time to Remediation (MTTR) for exploited flaws and burn-down rates on mission-critical assets.

Qualifications

• 5–7+ years in SecOps and TVM: You’ve lived through the "log4j" style fire drills and know how to keep a cool head when things get messy.
• TVM Tooling Expertise: Deep, hands-on experience with enterprise-grade scanners (Qualys, Tenable, or Rapid7) and, more importantly, the ability to integrate them into CI/CD pipelines and cloud workflows.
• Cloud Security Expertise: You’re fluent in AWS/Azure/GCP security and understand why scanning a container image is different from scanning a VM.
• Data & Scripting: You can use Python, PowerShell, or SQL to pull data from an API, smash two datasets together, and find the one outlier that actually matters.
• Risk Translation: You can explain the difference between a theoretical vulnerability and a functional exploit to both a kernel engineer and a VP of Product.
• Framework Fluency: Strong command of NIST CSF and MITRE ATT&CK. You don't just know the frameworks; you know how to apply them to prioritize your week.
• The "Attacker Mindset": You understand exploit development and penetration testing methodologies. You know which vulnerabilities are "low hanging fruit" for an attacker, even if the scanner says they’re "Medium."

Certifications & Education

While we value experience over paper, professional certifications like CISSP, GCIH, or GEVA (GIAC Enterprise Vulnerability Assessor) are highly regarded.
Specialized cloud certs (CCSP, AWS Security) or a degree in Cybersecurity/CS are a plus, but your ability to solve complex problems is what we’re really looking for.

Why you’ll love this role

You won't be a cog in a machine. You’ll have the autonomy to rebuild our TVM processes and a seat at the table to influence how the entire organization approaches security risk.