College Board - Technology - Vulnerability & Threat Management

Location: This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).

Type: This is a full-time position

About the Team

The Vulnerability & Threat Management (VTM) team designs and operates College Board's Unified Vulnerability Management (UVM) program, a centralized platform that aggregates vulnerability findings across cloud, code, and enterprise environments. We integrate signals from cloud security tools, external attack surface scanning, and application security sources into a single workflow that drives clear ownership and measurable risk reduction.

We partner closely with security engineering, security operations, and infrastructure teams to ensure vulnerabilities are not just detected, but prioritized and remediated in alignment with defined service-level expectations. Our work spans AWS and other cloud platforms and increasingly emphasizes automation, scalable ingestion pipelines, and engineering-friendly visibility through dashboards and structured workflows.

By strengthening visibility, accountability, and remediation performance, we directly support the secure delivery of mission-critical digital programs and the protection of student data at national scale.

About the Opportunity

As a Vulnerability Management Engineer I, you will play a foundational role in operating and continuously improving College Board's Unified Vulnerability Management platform. This entry-level engineering role is designed for early-career professionals who want to build strong technical depth in cloud security, vulnerability management, and security automation within a mission-driven organization.

You will help ensure that critical and high-risk findings across cloud, code, and enterprise systems are accurately ingested, assigned, and tracked through structured workflows. Over time, you will learn how large-scale security programs translate detection into measurable risk reduction, and how automation, visibility, and clear ownership models enable engineering teams to move quickly without sacrificing security.

A key part of this role involves working alongside AI-powered tooling to enhance the speed and quality of vulnerability analysis. You will gain hands-on experience leveraging large language models and AI-assisted workflows to accelerate tasks such as finding triage, risk summarization, and remediation guidance - learning how to critically evaluate AI outputs within a security context where accuracy and accountability matter. As AI continues to reshape how security teams operate, you will be positioned at the forefront of that shift, helping the team identify where intelligent automation adds genuine value and where human judgment remains essential.

Working closely with senior VTM engineers and partner teams, you will gain hands-on exposure to modern cloud environments and develop the operational discipline required to run a high-impact security program at scale - combining traditional security engineering fundamentals with emerging AI capabilities to drive measurable, efficient risk reduction.

In this role, you will:

Operate the UVM Platform & Govern SLAs (40%)

• Monitor daily UVM platform activity to ensure vulnerability findings are successfully ingested and assigned to the appropriate owners.
• Track critical and high vulnerabilities against defined SLAs, escalating overdue items and documenting status updates.
• Review platform health indicators such as ingestion failures, ticket backlogs, and assignment gaps, raising issues when anomalies are detected.
• Identify recurring issue patterns and document observations to support continuous improvement of workflows and automation.

Maintain Vulnerability Coverage & Platform Hygiene (40%)

• Track scanner and agent deployment coverage across cloud environments and perform basic troubleshooting when assets fall out of scope.
• Execute routine health checks and operational checklists with increasing independence over time.
• Convert recurring operational fixes into clear runbooks and structured documentation.
• Maintain accurate and up-to-date documentation in Confluence, including procedures, ownership details, and lessons learned.

Support Threat Response & Audit Readiness (20%)

• Track findings from external attack surface scans and emerging threat investigations, ensuring impacted assets are logged and assigned.
• Collect and organize evidence required for audits such as SOC2, ISO 27001, and PCI.
• Participate in emerging threat response workflows and support timely identification and tracking of affected systems.

About you, you have:

• A Bachelor's degree in Information Security, Computer Science, Engineering, MIS, or a related field, completed or in progress with expected graduation, or 1-3 years of relevant experience in security operations, vulnerability management, IT operations, or platform support.
• A foundational understanding of security vulnerabilities, CVEs, and remediation practices, gained through coursework, labs, internships, projects, or professional experience.
• Ability and enthusiasm to learn new technologies quickly, with strong written communication skills and sound practical judgment.
• Comfort working from a queue or ticketing system and following through to drive issues to closure; experience with Jira or ServiceNow is a plus.
• Basic knowledge of AI models and prompt engineering. Claude Code experience is a plus.
• Exposure to vulnerability scanning tools or agents (Tenable, Qualys, etc.) and ability to troubleshoot basic health or coverage issues, or strong motivation to learn quickly.
• Familiarity with cloud and Linux fundamentals, AWS preferred, and willingness to work in command-line workflows; scripting curiosity in Python or Bash is a plus.
• Clear written communication skills and a documentation mindset, comfortable creating or updating runbooks, checklists, and Confluence pages.
• Curiosity, sound judgment, and a collaborative, service-oriented mindset, knowing when to solve independently and when to escalate.
• Ability to travel 3-5 times a year to our NYC or Reston, VA office.

All roles at College Board require:

• A passion for expanding educational and career opportunities and mission-driven work
• Authorization to work in the United States for any employer
• Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and a comfort learning and applying new digital tools independently and proactively.
• Clear and concise communication skills, written and verbal
• A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
• A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
• A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success.

About Our Process

• Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.
• While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, coding assessment prescreen, and a panel interview.

A Thoughtful Approach to Compensation

• The hiring range for this role is $106,000 - $115,000
• Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
• We aim to make our best offer upfront-rooted in fairness, transparency, and market data.
• We adjust salaries by location to ensure fairness, no matter where you live.

You'll have open, transparent conversations about compensation, benefits, and what it's like to work at College Board throughout your hiring process. Check out our careers page for more.

#LI-DC1
#LI-REMOTE