Senior Vulnerability Engineer

AgreeYa Solutions

• $100K — $130K *

Phoenix, AZ 85032In-Person

Finance & Insurance

5 - 7 years of experience

1 month ago

By clicking Apply, I agree with Ladders' Terms of Use and Privacy Policy

Job Overview by Ladders

Qualifications

Bachelor's degree or equivalent practical experience.
7+ years in vulnerability remediation, patch and configuration management, and operational security engineering.
Strong hands-on skills in patching, configuration changes, and evidence collection.
Proficient in ServiceNow Vulnerability Response (VR) with a focus on workflow management.
Experience with vulnerability scanning tools such as Rapid7 and Wiz, plus analytics tools like Power BI.
Clear communicator with the ability to influence and coordinate across diverse IT teams.
Experience in the financial services sector with an understanding of regulatory compliance.

Responsibilities

Drive timely remediation of security vulnerabilities and configuration gaps.
Lead weekly/biweekly remediation meetings with IT teams to set expectations and drive actions.
Execute hands-on remediation activities to meet SLA targets and validate effectiveness.
Serve as a subject matter expert for ServiceNow VR, managing workflows and exceptions.
Conduct monthly health reviews of KPIs and SLAs, communicating risk and progress effectively.
Develop action plans for critical vulnerabilities, ensuring accountability and momentum.
Provide routine stakeholder updates on remediation status and timelines.

Benefits

Opportunities for professional development and training.
Dynamic work environment with a focus on innovation.
Collaboration with cross-functional teams.
Access to advanced security tools and technologies.
Support for continuous improvement of processes and workflows.

Full Job Description

Position Title :: Senior Vulnerability Engineer
Locations :: Phoenix AZ / Westerville OH

Job Description:
The Senior Vulnerability Engineer is a hands-on role responsible for driving timely, high-quality remediation of security vulnerabilities and configuration gaps across enterprise environments. This position owns the remediation execution cadence-from tool-generated findings through validation, assignment, evidence collection, risk acceptance coordination, and closure-and is expected to operate effectively in a fast-paced, operational setting with minimal ramp-up time. The role requires clear communication, disciplined expectation setting with IT teams, early identification of blockers, and delivery of decision-ready status and risk reporting to stakeholders and leadership.
Demonstrate advanced proficiency with the ServiceNow Vulnerability Response (VR) module to manage end-to-end vulnerability workflows, including triage, assignment, SLA tracking, exception and risk acceptance processing, remediation evidence captures, and closure.

Lead a high-tempo remediation cadence (weekly or biweekly) with IT teams; set clear expectations, drive action-item closure, and escalate impediments as required.
Execute hands-on remediation activities to achieve SLA targets, including patching, configuration changes, implementation of compensating controls, and post-remediation validation; proactively manage at-risk items using documented recovery plans.
Apply advanced ServiceNow Vulnerability Response (VR) capabilities, including vulnerability group and item management, routing and assignment, SLA and aging oversight, exception and risk acceptance handling, and closure workflows; utilize Rapid7 and Wiz as primary sources of findings.
Partners with patching and IT teams to execute remediation plans, validate remediation effectiveness, and maintain accurate, auditable closure evidence.
Provide concise, executive-ready reporting (Power BI and ServiceNow) on SLA performance, aging, risk trends, and decisions required for operational reviews and leadership updates.

What you will do:
Drive remediation of tool-identified vulnerabilities by validating applicability and asset context, determining the appropriate remediation approach (patch, configuration change, compensating control), coordinating execution with IT teams, and verifying closure.
Serve as a ServiceNow Vulnerability Response (VR) subject matter expert, including vulnerability group and item management, routing and assignment, SLA and aging tracking, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
Conduct monthly KPI/KRI and SLA health reviews; communicate risk and progress clearly, set expectations, and drive timely decisions with leadership and stakeholder teams.
Develop and drive remediation action plans (owners, milestones, and escalation paths) for critical and high-severity vulnerabilities; maintain momentum and accountability in a fast-paced environment.
Build and maintain actionable dashboards and reporting (Power BI and ServiceNow VR) that communicate remediation health, SLA risk, vulnerability aging, and trend insights.
Facilitate exception and risk acceptance requests by ensuring documentation quality, appropriate approvals, defined expiration dates, and end-to-end tracking of compensating controls.
Provide routine (daily/weekly) stakeholder updates that clearly communicate status, next steps, owners, and estimated timelines; escalate when expectations or SLAs are at risk.
Document and continuously improve standard operating procedures (SOPs) and coach junior team members on remediation workflows and ServiceNow VR best practices.

What you will need:
Bachelor's degree or equivalent practical experience.
Seven (7) or more years of experience in vulnerability remediation, patch and configuration management, and operational security engineering in fast-paced environments.
Strong troubleshooting and hands-on remediation skills, including patching, configuration changes, validation and verification, and evidence collection.
Demonstrated high skill in ServiceNow Vulnerability Response (VR), including vulnerability groups and items, routing and assignment, SLA and aging management, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
Clear, concise communicator (written and verbal) with demonstrated ability to set expectations, influence without authority, and coordinate across multiple IT teams in a matrixed environment.
Experience with vulnerability scanning and exposure management tools (e.g., Rapid7, Wiz) and reporting/analytics (e.g., Power BI); ability to translate data into action.
Demonstrated ability to operate as a self-starter with minimal oversight, manage multiple workstreams, set expectations, and drive remediation to closure.
Experience in the financial services industry with proven regulatory and compliance discipline.
Strong analytical skills with the ability to translate vulnerability data into remediation plans, operational metrics, and risk-based communication.

* Ladders Estimates

Similar Jobs

Senior Vulnerability Management Analyst
$114K — $160K *
Advisor Group
Scottsdale, AZ 85254 (Maricopa County)
Today
Manager - ASM Vulnerability Management FDE
$120K — $150K *
Deloitte
San Diego, CA 92154 (San Diego County)
2 days ago
Senior Consultant - Engineering Management
$100K — $140K *
Deloitte
San Diego, CA 92154 (San Diego County)
1 week ago
Senior Manager - ASM Vulnerability Management
$120K — $150K *
Deloitte
Tempe, AZ 85281 (Maricopa County)
1 week ago
Vulnerability Management Lead
$75K — $158K *
CACI International
Remote
1 week ago
Continuous Threat Exposure Management (CTEM) Manager
$124K — $229K *
Deloitte
San Diego, CA 92154 (San Diego County)
4 weeks ago