Vulnerability Management Engineer

Job description

The Vulnerability Management Engineer- Mid supports SEC ISS contract objectives by identifying , prioritizing, and driving remediation of security vulnerabilities across enterprise infrastructure and cloud-connected environments. This role strengthens SEC risk posture by aligning vulnerability management activities with NIST and FISMA requirements, including support for audit readiness and continuous monitoring outcomes. The engineer works across operations, engineering, and system owner teams to reduce exposure through timely patching, hardening, and POA&M closure. This position also delivers clear reporting to leadership and contributes to incident response for vulnerability-related events. PRIMARY RESPONSIBILITIES: Vulnerability Assessment and Analysis - Perform recurring vulnerability assessments across servers, endpoints, network devices, and relevant cloud-hosted assets using approved scanning tools. - Analyze scan results for severity, exploitability, asset criticality, and business impact to prioritize remediation actions. - Validate findings by identifying false positives, duplicates, and exceptions to maintain accurate risk data. - Maintain visibility of open vulnerabilit...