Vulnerability Management and Security Engineering

ResponsibilitiesThe Technology department at our client is responsible for creating and continuously improving a robust and secure technology foundation that supports the firm’s business activities. Underpinning that, the Cybersecurity function ensures that the firm accurately identifies, investigates, and remediates incidents and evaluates applicable controls related to the firm’s technology. As the technology landscape is undergoing significant change, the Cybersecurity function is also evolving to help enable that change.We are seeking an experienced, hands-on Cybersecurity Professional to own and drive the firm’s vulnerability management and patching program. This is an execution-focused role — the ideal candidate will be equally comfortable building strategy and rolling up their sleeves to conduct scans, validate remediations, coordinate fixes directly with engineering and infrastructure teams, and provide reporting and metrics on remedial actions and SLA-adherence.In addition to vulnerability management, this individual will serve as a critical incident response resource, providing coverage during hours when the primary SOC team may not be available. This includes triaging and responding to critical-severity incidents, escalating appropriately, and ensuring continuity of response without gaps.The candidate should bring a solutions-oriented, investigative mindset, comfort in a fast-paced environment, and the ability to build strong relationships across Technology and relevant business functions.Vulnerability Management (Hands-On Execution)Conduct regular vulnerability assessments of all systems, applications, and infrastructureExecute vulnerability scans using tools such as Nessus, Qualys, or Rapid7; perform or coordinate penetration testing and security assessments.Analyze vulnerability data and issue actionable remediation, mitigation, or risk-acceptance recommendations calibrated to the firm’s risk profile.Drive remediation directly with engineering, infrastructure, and application teams — tracking findings from discovery through to validated closure.Validate all remediations to confirm findings are fully resolved.Develop and maintain meaningful vulnerability metrics and dashboards for senior leadership, incorporating risk-based scoring, SLA adherence, and trend analysis.Work with cross-functional teams to embed vulnerability management considerations into the design, development, and testing of new systems and applications.Coordinate with external vendors and partners to optimize detection quality, validate findings, and improve remediation workflows.Program Management & Governance Develop and maintain security policies, procedures, and standards aligned to industry best practices (NIST, CIS, ISO) and OUR CLIENT policy requirements.Support audit evidence collection and manage remediation timelines for compliance-related findings.Communicate security risks and program status to management and stakeholders; provide clear, prioritized recommendations.Understand and effectively balance risk versus business operability in all remediation decisions.Provide leadership and mentorship to junior security team members; manage and direct external teams as needed.Engineering Support and maintain the vulnerability management platform infrastructure, including scanner and agent configuration, and integration with downstream ticketing and reporting systems.In support of the overall OUR CLIENT security program, assist with project work on security infrastructure, including SIEM, EDR, and related tooling — contributing engineering effort as priorities require.QualificationsOur client seeks to hire individuals who are highly motivated, intelligent and have demonstrated excellence in prior endeavors. In addition, qualified candidates will possess the following:Education & Experience Bachelor’s degree in Computer Science, Information Security, or a related field.7–10+ years of experience in information security, with a strong focus on vulnerability management, secure design review, patch operations, and incident response.Demonstrated experience running a hands-on vulnerability management program — not solely in an oversight or program management capacity.Experience providing incident response coverage, including participation in on-call rotations or extended-hours response.Technical Skills Proficiency with vulnerability management platforms such as Nessus, Qualys, or Rapid7; ability to operate these tools directly, not just interpret reports.Knowledge of cloud security posture management (CSPM) platforms such as Wiz or Microsoft Defender for Cloud, and exposure management workflows.Strong technical skills in vulnerability scanning, patch management, and network security protocols.Working knowledge of operating systems (Windows, Linux) and web application security.Familiarity with SIEM tools for alert triage and incident investigation.Scripting and automation skills in PowerShell or Python; experience with workflow tools such as ServiceNow or JIRA.Frameworks & Standards Working knowledge of security frameworks including NIST CSF, CIS Controls, and ISO 27001.Understanding of incident response frameworks (e.g., NIST SP 800-61, PICERL) and how vulnerability management integrates into the IR lifecycle.Soft Skills & Availability Excellent communication and interpersonal skills; able to convey complex security issues to both technical and non-technical audiences.Strong leadership and mentorship abilities; demonstrated experience managing cross-functional teams and external consultants.Ability to work independently, manage competing priorities, and adapt to rapidly shifting demands.Willingness and ability to provide extended-hours incident response coverage as required by the role, including off-hours and weekend on-call responsibilities.