Job Title: Vulnerability Remediation Engineer
Location: Raritan, NJ 08869 / REMOTE
Job Description:
• Implement capabilities for a global Vulnerability Management program: internal/external exposure, imminent threats, prioritization, remediation facilitation.
• Serve as technical SME for vulnerability tools and processes (Tenable, Qualys, Rapid7, or equivalent).
• Continuously improve VM processes for coverage, efficiency, and visibility.
• Leverage automation, analytics, and threat intelligence to improve accuracy and reduce remediation timelines.
• Operate/optimize scanning platforms, discovery tooling, and reporting pipelines for asset visibility.
• Partner with Infrastructure, Engineering, Application, and Cloud teams to reduce risk across environments.
• Lead critical vulnerability identification and response exercises, including zero-day/imminent threats.
• Develop and maintain metrics, dashboards, and executive-level reporting on posture, remediation progress, and program maturity.
• Track and communicate remediation SLAs, risk reduction, and program improvements.
Qualifications and Skills:
• Technical proficiency across network, system, and application layers; scanning, asset discovery, and exploit analysis
• Hands-on experience with VM tools (e.g., Tenable.io, Qualys VMDR/WAS, Rapid7 InsightVM/AppSec) and discovery utilities (Nmap, SSLScan, Shodan, BitSight, Security Scorecard, custom scripts).
• Knowledge in threat intel and data-driven prioritization (CVSS/CISA/EPSS).
• Strong cloud understanding (AWS, Azure, GCP) and modern app stacks.
• Scripting/automation (Python, PowerShell, Bash) and data analysis (SQL, Excel).
• Scale-ready processes, metrics, dashboards, and analytics (Tableau, PowerBI).
• Cross-functional collaboration; clear risk communication to technical and business stakeholders.
• Knowledge of IT processes, secure baselines, and control frameworks (CIS, NIST, ISO, Microsoft, etc.).
Preferred:
• Relevant certifications such as OSCP, GWAPT, CEH, or CSSLP.
• Experience working in Agile and DevSecOps environments.
• Knowledge of containerized applications and security tools (e.g., Docker, Kubernetes, etc.).
• Understanding of regulatory compliance requirements (e.g., PCI DSS, GDPR, HIPAA).
• Experience with penetration testing and exploit development.
Apply Now
Apply Now