Dartmouth College

Senior Cybersecurity Engineer - Vulnerability and Threat Management

Dartmouth College$136K — $145K *
Education, Government & Non-Profit
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in computer science, cybersecurity, information systems, or a related field, or equivalent professional experience.
  • 5+ years of hands-on cybersecurity engineering experience, with at least 3 years managing a vulnerability management program.
  • Experience building vulnerability management or threat intelligence programs from early maturity.
  • Deep knowledge of enterprise vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7).
  • Experience with threat intelligence from various sources and operationalizing it for defensive actions.
  • Proficiency in developing API integrations and automations with cybersecurity technologies.
  • Strong communication skills, both written and verbal.

Responsibilities

  • Own the full vulnerability management lifecycle from discovery to reporting.
  • Tune and manage vulnerability scanning infrastructure in hybrid environments.
  • Develop risk-based prioritization frameworks using threat intelligence and asset criticality.
  • Implement AI-driven prioritization and automation in vulnerability workflows.
  • Enforce vulnerability management standards and remediation SLAs appropriate for higher education.
  • Consume and analyze threat intelligence to inform vulnerability prioritization and remediation efforts.
  • Drive coordination for remediation across decentralized teams and departments.

Benefits

  • Hybrid work eligibility for a flexible work environment.
  • Engage in a mission-driven role in a world-class research institution.
  • Opportunity to shape and mature the cybersecurity program under new leadership.
  • Direct input on the implementation of AI in cybersecurity operations.
Full Job Description
Position Details

Position Information

Posting date
06/25/2026

Closing date

Open Until Filled
Yes

Position Number
1129621

Position Title
Senior Cybersecurity Engineer - Vulnerability and Threat Management

Hiring Range Minimum
$136,000

Hiring Range Maximum
$145,000

Union Type
Not a Union Position

SEIU Level
Not an SEIU Position

FLSA Status
Exempt

Employment Category
Regular Full Time

Scheduled Months per Year
12

Scheduled Hours per Week
40

Schedule

Location of Position

Hanover, NH

Remote Work Eligibility?
Hybrid

Is this a term position?
No

If yes, length of term in months.
NA

Is this a grant funded position?
No

Position Purpose

Dartmouth College seeks a Senior Cybersecurity Engineer to own and mature the institution's vulnerability management program, integrate threat intelligence into vulnerability prioritization and defensive operations, and leverage AI to accelerate both disciplines. This role is responsible for the full vulnerability management lifecycle - from asset discovery and scanning through risk-rated prioritization, remediation coordination, and executive reporting - enriched by threat intelligence that ties vulnerability data to real-world adversary activity. You will operate across a complex environment that includes academic and administrative systems, research computing infrastructure, and a hybrid cloud footprint.

Description

What You'll Join

Dartmouth's cybersecurity program is in an active investment and maturation phase under new CISO leadership. You won't be slotting into a static operation - you'll be helping build it. The team values technical depth, clear communication, and pragmatic risk management over checkbox compliance. You'll work with modern tooling, have direct input on how AI transforms vulnerability and threat intelligence operations, and sit at the intersection of technical execution and institutional risk strategy. The mission matters: protecting a world-class research university, its students, its faculty, and the sensitive data entrusted to it.

Required Qualifications - Education and Yrs Exp
Bachelor's degree

Required Qualifications - Skills, Knowledge and Abilities
  • Bachelor's degree in computer science, cybersecurity, information systems, or a related field - or equivalent professional experience.
  • 5+ years of hands-on cybersecurity engineering experience, with at least 3 years directly managing or operating a vulnerability management program.
  • Experience building vulnerability management or threat intelligence programs from early maturity.
  • Deep working knowledge of enterprise vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7).
  • Experience consuming and operationalizing threat intelligence from commercial platforms, ISACs, and open-source feeds to inform defensive operations.
  • Experience with developing vulnerability management API integrations and automations with other cybersecurity technologies.
  • Demonstrated ability to drive remediation with stakeholders outside your direct reporting chain.
  • Solid understanding of CVSS scoring, EPSS, KEV catalog usage, and risk-based prioritization beyond "patch everything critical."
  • Strong written and verbal communication skills.


Preferred Qualifications
  • Experience in higher education, healthcare, or other environments with decentralized IT governance and federated system ownership.
  • Working knowledge of industry leading EDR, SIEM and Log Management platforms.
  • Hands-on experience applying AI/ML tools to vulnerability management or threat intelligence workflows - including generative AI for analysis acceleration, AI-driven prioritization models, or automated enrichment pipelines.
  • Familiarity with AI-specific threat vectors (prompt injection, model manipulation, data exfiltration via AI tooling) and their implications for vulnerability management programs.
  • Familiarity with compliance frameworks relevant to research universities: CMMC/NIST 800-171, HIPAA, GLBA, FERPA, ITAR/EAR.
  • Experience with threat intelligence platforms (TIPs), STIX/TAXII, and MITRE ATT&CK framework mapping.
  • Experience with external attack surface management (EASM) and cloud-native vulnerability assessment.
  • Relevant certifications: GEVA, GCIH, GCTI, CTIA, CISSP, or equivalent.


Department Contact for Recruitment Inquiries
Kyle Hastbacka

Department Contact Phone Number
[email protected]

Department Contact for Cover Letter and Title
Tom Nudd, Chief Information Security Officer

Department Contact's Phone Number

Special Instructions to Applicants

Dartmouth College has a Tobacco-Free Policy. Smoking and the use of tobacco-based products (including smokeless tobacco) are prohibited in all facilities, grounds, vehicles or other areas owned, operated or occupied by Dartmouth College with no exceptions. For details, please see our policy. https://policies.dartmouth.edu/policy/tobacco-free-policy

Additional Instructions

Quick Link
https://searchjobs.dartmouth.edu/postings/86278

Key Accountabilities

Description

Vulnerability Management Program Ownership -
  • Owns the end-to-end vulnerability management lifecycle: asset inventory, scanning, prioritization, remediation tracking, exception management, and metrics reporting.
  • Operates and tunes vulnerability scanning infrastructure across on-premises, cloud, and hybrid environments.
  • Develops and maintains risk-based prioritization frameworks that account for asset criticality, threat intelligence context, exploitability (EPSS, KEV), and regulatory exposure.
  • Evaluates and operationalizes AI-driven vulnerability prioritization and automated triage capabilities within scanning and remediation workflows, reducing manual effort while maintaining appropriate human oversight.
  • Develops and enforces a vulnerability management standard including SLAs for remediation timelines by severity, with graduated escalation paths appropriate for a higher education environment.


Percentage Of Time
20

Description

Threat Intelligence Integration -
  • Consumes, analyzes, and operationalizes threat intelligence and open-source feeds (CISA KEV, sector ISACs), and higher education-specific sources (REN-ISAC) to inform vulnerability prioritization and defensive posture.
  • Produces threat intelligence summaries for the CISO and institutional leadership, translating adversary activity into actionable risk context.
  • Correlates vulnerability data with threat intelligence to identify exposures actively targeted by threat actors, ensuring remediation efforts focus on real-world exploitability rather than CVSS scores alone.
  • Leverages generative AI platforms to accelerate threat intelligence analysis, including rapid synthesis of advisories, campaign reporting, and indicator enrichment.
  • Monitors the evolving threat landscape for emerging vulnerabilities, zero-day disclosures, and adversary TTPs relevant to Dartmouth's regulatory and research profile.
  • Contributes threat-informed context to incident response, security architecture reviews, and risk assessments across the cybersecurity team.


Percentage Of Time
20

Description

Cross-Functional Remediation Coordination -
  • Drives remediation outcomes with system administrators, application owners, research computing teams, and third-party vendors.
  • Develops strong working relationships with decentralized IT groups across academic departments and research labs to gain cooperation without mandate authority.
  • Coordinates with the endpoint management team and infrastructure teams to validate remediation and compensating controls.


Percentage Of Time
20

Description

Reporting & Governance -
  • Produces recurring vulnerability posture and threat landscape reports for the CISO, CIO, and institutional leadership translating scan output and intelligence into risk narratives, trend analysis, and remediation progress metrics.
  • Maintains dashboards that provide real-time visibility into vulnerability posture by business unit, asset class, and regulatory domain.
  • Supports audit and compliance evidence collection.
  • Briefs institutional governance bodies as needed on vulnerability trends, threat actor activity, and residual risk.


Percentage Of Time
20

Description

Continuous Improvement -
  • Integrates vulnerability management data with cybersecurity tooling to enable correlated, threat-informed prioritization.
  • Evaluates and recommends tooling enhancements, including external attack surface management (EASM), container/cloud-native scanning, and AI-augmented vulnerability analytics.
  • Develops and maintains operational runbooks for scanning operations, emergency out-of-cycle scanning (zero-day response), threat intelligence workflows, and integration with the incident response process.
  • Contributes to the broader cybersecurity engineering function, including participation in incident response, threat hunting, and security architecture reviews as needed.


Percentage Of Time
20

--
Demonstrates professionalism and collegiality through actions, interactions, and communications with others appropriate to an environment that is welcoming to all.

--
Performs other duties as assigned.

About Dartmouth College

Dartmouth College is a private Ivy League research university in Hanover, New Hampshire, United States. Established in 1769 by Eleazar Wheelock, it is the ninth-oldest institution of higher education in the United States and one of the nine colonial colleges chartered before the American Revolution.
Learn more about Dartmouth College
Size
12,000 employees
Industry

Similar Jobs

More Jobs at Dartmouth College

More Education, Government & Non-Profit Jobs

Find similar Senior Cybersecurity Engineer - Vulnerability and Threat Management jobs: