Position SummaryWe are seeking a highly skilled Vulnerability Management & Response Engineer to help operate and continuously improve our enterprise Vulnerability Management (VM) program. This role is responsible for owning core VM processes end-to-end-identification, assessment, prioritization, exception handling, remediation tracking, and validation-across on-premises and cloud environments using Tenable. The position drives risk-informed decisions and facilitates remediations with the asset owners.
This role will partner cross-functionally with Infrastructure, Development, Risk, and Compliance teams to maintain continuous scanning coverage, meet remediation SLAs, and mature the VM program through automation, reporting, and governance. The ideal candidate has proven experience running a Vulnerability Management program at enterprise scale, with hands-on Tenable administration and a track record of driving remediation outcomes with asset owners.
Key Responsibilities- Own day-to-day operations of the Tenable platform (e.g., scan configuration, scheduling, coverage monitoring, credentials management, and results troubleshooting).
- Lead triage, assignment, and validation of vulnerability remediation tasks across infrastructure and application stakeholders.
- Define, maintain, and enforce SLA-based remediation, including escalation and executive reporting for SLA drift.
- Integrate Tenable findings and remediation workflows with SCCM, Intune, SOAR, SIEM, and ticketing systems to enable automated assignment, tracking, and validation.
- Conduct quarterly reconciliation of Tenable scanner output with CMDB and asset inventories to validate coverage, ownership, and data quality.
- Maintain an auditable exception register with documented risk acceptance, compensating controls, approvals, and expiration controls.
- Produce VM program metrics and reporting (weekly, monthly, quarterly, and annually), including risk trends, SLA performance, and remediation outcomes.
- Run a recurring VM governance cadence (e.g., quarterly working sessions) to review SLA drift, backlog health, scanner coverage, and tool-to-tool integrations.
- Support internal audit and regulatory review of the Vulnerability Management program by providing evidence, metrics, and control narratives.
Required Qualifications- 5+ years of hands-on experience running an enterprise Vulnerability Management program (process, governance, metrics, and remediation outcomes), not just point-in-time scanning.
- Hands-on experience with Tenable, including scan configuration, credentialed scanning, reporting, and troubleshooting.
- Deep understanding of vulnerability scoring systems (CVSS), threat intelligence correlation, and risk-based prioritization to drive remediation sequencing.
- Experience leading or contributing to patching strategies using SCCM, Intune, or similar tools.
- Strong documentation and process improvement skills.
- Proven ability to collaborate across technical and non-technical teams.
Preferred Qualifications- Experience integrating VM tools with SOAR, SIEM, or ticketing platforms like Remedyforce or ServiceNow.
- Knowledge of container security, cloud-native security controls (Azure, AWS, GCP), and API-based vulnerability exposure.
- Exposure to CMDB reconciliation and asset discovery in dynamic environments.
- Experience presenting technical risk summaries to executive or audit stakeholders.
