Job Description:

We are seeking a highly skilled and experienced Information Security Engineer specializing in Vulnerability Management. The ideal candidate will play a critical role in identifying, managing, and mitigating security vulnerabilities across enterprise systems and applications. This role will collaborate cross-functionally with IT, development, and business teams to ensure enterprise-wide security posture is strengthened, threats are proactively addressed, and regulatory compliance is maintained.

Key Responsibilities:

• Lead the implementation, operation, and continuous improvement of the enterprise vulnerability management program.

• Define and implement enterprise security tools, technologies, and architectures.

• Onboard systems, applications, and third-party services into the vulnerability management ecosystem.

• Identify, assess, and prioritize infrastructure, application, and configuration vulnerabilities.

• Monitor vulnerability status, ensure timely remediation, and escalate overdue vulnerabilities to responsible teams.

• Collaborate with IT operations and application owners to develop remediation plans and track progress.

• Conduct research on emerging threats, vulnerabilities, and recommended mitigations.

• Respond to and investigate security incidents, vulnerabilities, and alerts raised by internal and external monitoring systems.

• Perform technical risk assessments for proposed system changes and new technology implementations.

• Create and maintain documentation related to vulnerability management processes, policies, and compliance requirements.

• Support audit and compliance activities by generating reports, gathering evidence, and ensuring policy adherence.

• Collaborate with project teams to provide security engineering and consulting expertise.

Professional Skills:

• 8–20 years of experience in Information Security, with a focus on vulnerability management, security engineering, or consulting.

• Strong experience in vulnerability assessment and management processes.

• Deep knowledge of security architectures, system hardening, and network security principles.

• Experience with security tools including but not limited to:

• Brinqa, Qualys, Archer, ServiceNow, Checkmarx, Prisma.

• Strong analytical and problem-solving skills, capable of evaluating complex security data and making actionable recommendations.

• Excellent verbal, written, and interpersonal communication skills.

• Ability to lead large-scale security projects and drive resolution across multi-functional teams.

• Industry certifications such as CISSP, CISA, CISM, AWS Solutions Architect.

• Experience with Governance, Risk, and Compliance (GRC) frameworks and audit processes.

• Scripting and automation skills, preferably with Python.

• Hands-on experience with cloud security tools and architectures (AWS, Azure, GCP).

• Experience working in highly regulated industries (e.g., financial services, healthcare, government).