CrawlJobs Logo
Quzara Logo Quzara · IT - Software Development

Vulnerability Management Engineer

United States · Job Posted January 04, 2026
Apply Position
Job Link Share

Job Description

The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance. The position requires hands-on expertise with enterprise vulnerability scanning platforms and penetration testing toolchains, as well as a deep understanding of FedRAMP Continuous Monitoring (ConMon) and NIST 800-53 requirements. The ideal candidate is a practitioner who can operate independently in regulated environments, maintain audit-ready tooling, and translate scan output into actionable remediation guidance.

Job Responsibility

  • Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements
  • Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation
  • Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage
  • Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness
  • Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation
  • Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines
  • Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational
  • Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities
  • Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments

Requirements

  • 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments
  • Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation
  • Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit)
  • Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes
  • Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation
  • Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams
  • Must be a U.S. Citizen and eligible to support federal contracting environments

Nice to have

  • Tenable Certified Nessus Expert
  • One or more of the following: Certified Ethical Hacker (CEH)
  • CompTIA PenTest+
  • Certified Information Systems Security Professional (CISSP)
Quzara - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Vulnerability Management Engineer

8 matching positions

Vulnerability Management Engineer

We’re looking for a skilled Vulnerability Management Engineer to play a key role...
Location
Location
United Kingdom , Worcestershire
Salary
Salary:
Not provided
dynamicsearch.co.uk Logo
Dynamic Search Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience in vulnerability management, cyber security engineering, or related disciplines
  • Strong understanding of vulnerability scanning, risk-based prioritisation, and remediation workflows
  • Knowledge of IT and OT environments, including DMZ architectures and segmentation principles
  • Familiarity with security frameworks such as NIST and their application in operational environments
  • Experience integrating vulnerability tools with SIEM and orchestration platforms
  • Strong communication skills, with the ability to translate technical risk into operational insight
  • Willingness to engage with sites directly, including on-site assessments where required
Job Responsibility
Job Responsibility
  • Operationalise vulnerability management using a risk-based prioritisation approach
  • Develop and maintain OT site DMZ vulnerability dashboards aligned with NIST frameworks
  • Identify sites operating flat network architectures and assess associated risks
  • Conduct site engagement activities, including on-site visits where required, to validate network and vulnerability findings
  • Enhance operational metrics, reporting, and overall risk visibility across IT and OT estates
  • Automate vulnerability management processes and integrate outputs with orchestration tools and SIEM platforms
  • Assess existing vulnerability management processes and identify gaps in coverage, prioritisation, and reporting
  • Apply risk context to vulnerability data to support meaningful remediation decisions
  • Design and deliver dashboards that provide clear, actionable insight for operational and security stakeholders
  • Work with site and central teams to improve network segmentation and reduce exposure caused by flat networks
Read More
Arrow Right

Senior Staff Security Engineer – Vulnerability Management

GEICO is seeking a highly experienced Senior Staff Security Engineer to lead the...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle
Salary
Salary:
130000.00 - 260000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of experience in cybersecurity or security engineering roles
  • Deep expertise with vulnerability management tools, methodologies, and industry standards
  • Hands‑on experience with modern infrastructure, cloud services (AWS/Azure/GCP), container platforms, and operating systems
  • Proficiency with a modern programming language (Python, Go, Java, etc.) and scripting for automation at scale
  • Strong understanding of security architecture, networking, operating systems, identity, and cloud services
  • Proven ability to lead, mentor, and inspire engineers across multiple teams
  • Strong communication skills with the ability to influence senior stakeholders and translate complex risks into actionable guidance
  • Hands-on experience implementing cybersecurity frameworks e.g. NIST CSF
  • Hands-on experience with leading compliance initiatives to meet e.g. PCI, SOX, NYDFS, etc.
  • Bachelor’s degree in computer science, Cyber Security, or equivalent education with relevant work experience
Job Responsibility
Job Responsibility
  • Lead the full vulnerability lifecycle: discovery, validation, risk analysis, prioritization, and remediation measurement
  • Leverage business contextualization, underlying systems, and threat intelligence to perform risk assessment for identifying true risk to drive remediation
  • Build integrations among scanning tools, asset inventory, CMDBs, ticketing, CI/CD, and monitoring pipelines to streamline workflows
  • Evaluate, test, and implement emerging tools and technologies that advance VM automation and intelligence
  • Design automation to reduce manual work, increase accuracy, and accelerate remediation
  • Generate data‑driven insights that help teams understand, prioritize, and resolve vulnerabilities efficiently
  • Collaborate with cloud, infrastructure, DevOps, and product engineering groups to integrate vulnerability management into pipelines and delivery workflows
  • Work closely with risk, compliance, governance, and incident response teams to ensure alignment with organizational and regulatory standards
  • Communicate vulnerability trends, risk implications, and remediation strategies to technical and non‑technical stakeholders
  • Define KPIs, SLAs, dashboards, and reporting models to drive accountability and measurable vulnerability reduction
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Staff Software Engineer, Vulnerability Management

GEICO is seeking an experienced full-stack engineer with a deep technical expert...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle; Renton
Salary
Salary:
115000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Tech-lead with data engineering and software development experience in a hybrid environment (AWS, Azure, on-prem)
  • Proficiency in at least one modern programming language (Python, Java, Scala, Go) and deep experience building scalable production-grade data services, APIs, or ingestion frameworks
  • Expertise in designing, building, and operating large‑scale, resilient, and high‑performance data pipelines across distributed systems, with strong knowledge of ETL/ELT patterns, data orchestration, and data quality frameworks
  • Advanced proficiency in modern data storage and processing technologies, including SQL/NoSQL databases (e.g., PostgreSQL), query optimization, and data modeling for analytical and operational use cases
  • Hands‑on experience with reporting and analytics tools such as Power BI, Tableau, or equivalent, including developing semantic models, optimizing reporting datasets, and enabling business teams with curated data
  • Strong applied skills in distributed compute ecosystems (e.g., Spark or similar), and the ability to optimize workloads for performance, cost efficiency, and reliability
  • Extensive knowledge and experience of building data intensive large-scale distributed systems on cloud
  • Experience building the architecture and design of new and current systems (architecture, design patterns, reliability, and scaling)
  • Fluency in DevOps concepts and best practices in CI/CD pipelines and infrastructure as a code
  • Experience with application performance monitoring tools and performance assessments
Job Responsibility
Job Responsibility
  • Lead software design, development, and delivery of integrated systems to drive Vulnerability Management initiatives
  • Deliver automation initiatives, conduct advanced research, and develop proofs of concept to enhance our capabilities and improve overall efficiency
  • Achieve business outcomes through force multiplication
  • Develop, integrate, and maintain multilevel cybersecurity designs, architectures, policies, and procedures
  • Provide secure design guidance and recommendations to developers, infrastructure, and product engineers
  • Influence and educate partner teams to bring an engineering first approach to develop sustainable security systems
  • Mentor peers and team members in security technologies, enterprise solution design, deployment, and effective customer interaction
  • Provide motivating demonstrations and communications to show the value of our security measures to the business, highlighting the low impact on systems, improved operability and resiliency
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Staff Engineer – Vulnerability Management Automation

GEICO is seeking an experienced Staff Engineer with a passion for building high ...
Location
Location
United States , Chevy Chase; Palo Alto; Dallas; Seattle
Salary
Salary:
110000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong software engineering background building production services and tooling (Python or Go preferred
  • TypeScript a plus)
  • Deep knowledge of Linux and Windows Server administration and patching in enterprise environments
  • Hands‑on experience with vulnerability scanners and their APIs (Tenable/Nessus, Qualys, Rapid7) and risk models (CVSS, KEV, EPSS)
  • Proficiency with configuration management and IaC (Ansible/Puppet/Chef/Salt
  • Terraform/Pulumi/Crossplane, Helm/Kustomize)
  • Experience with event‑driven and batch data pipelines (e.g., Kafka/SNS/SQS/PubSub), relational data stores, and caching
  • Familiarity with cloud (AWS/Azure/GCP), containers/Kubernetes, and image pipelines (e.g., Packer)
  • Solid understanding of authN/authZ, secrets management, and least‑privilege access for platforms and automation
  • Excellence in observability and reliability practices (OpenTelemetry/Prometheus/Grafana) with an SLO mindset
Job Responsibility
Job Responsibility
  • Define the technical roadmap for vulnerability management and patch automation platforms
  • Establish standards, patterns, and paved roads for scanning, triage, remediation, and verification
  • Mentor engineers across Security and Platform teams on software and systems design best practices
  • Drive design reviews, architecture decisions, and quality gates for reliability and security
  • Design and implement services for asset/CMDB enrichment, risk scoring, and intelligent targeting
  • Build controllers/schedulers for maintenance windows, deployment rings/canaries, pre/post checks, automated backoff/rollback, and progressive delivery
  • Deliver self‑service CLIs/SDKs and internal UIs to request, schedule, and track remediation
  • Implement idempotent, policy‑driven workflows for patching and baseline enforcement across Windows and Linux
  • Integrate with image pipelines to shift‑left patching and hardening
  • Integrate scanner data and external intel into unified pipelines
What we offer
What we offer
  • Comprehensive Total Rewards program
  • 401K savings plan with 6% match
  • performance and recognition-based incentives
  • tuition assistance
  • mental healthcare
  • fertility and adoption assistance
  • workplace flexibility
  • GEICO Flex program (work from anywhere in the US for up to four weeks per year)
  • Fulltime
Read More
Arrow Right

Threat and Vulnerability Management Engineer

Location
Location
India , Bengaluru
Salary
Salary:
Not provided
cigres.com Logo
Cigres
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 8 years experience in Threats and Vulnerability management in a corporate environment
  • Hands-on expertise operating, integrating Qualys platforms using console, scripting, and automation frameworks
  • Hands-on expertise programming in Python
  • Hands-on experience analysing Vulnerability data for both on-prem, cloud and cloud native environments
  • Have a sense of urgency in production issues and be a proactive speaker and listener
  • Bachelor's degree in cyber security or computer Engineering
Job Responsibility
Job Responsibility
  • Manage Qualys console using various modules
  • Make sure client agent coverage is managed at a good level
  • Support business with Qualys and/or Vulnerability Management requests
  • Understand the current state of the technology components in the IT stack ranging from networking, storage, compute (virtualization, containers), applications & security mgmt
  • Collaborate with team-mates and understand the threats, vulnerabilities, and risks to the enterprise
  • Establish non-production and production environments for testing and hosting the applications
  • Own the end-to-end technical design, unit testing and the maintenance of the hosting environment
  • Adhere to the Scaled Agile Framework methodologies and tools that exists in the environment
  • Participate in daily stand-up sessions of Compliance & Security release train and contribute to bi-weekly sprints
  • Learn System Engineering concepts to analyse existing environment and find more efficient ways
  • Fulltime
Read More
Arrow Right

Vulnerability Management Security Engineer

As a Vulnerability Management Engineer, you will be a vital part of Adevinta's I...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • You have a hacker mindset, an open mindset, with technical skills and a passion for security
  • You have strong analytical and problem-solving skills, with the ability to synthesise complex data into actionable insights
  • You recognize the need for automation to handle problems at scale, and you can implement that automation
  • You are proficient in cloud operations, particularly in AWS but ideally also in GCP
  • You have excellent fundamental knowledge of network, protocol, system and application security, as well as of the industry-standard strategies and frameworks that apply
  • You have software development skills and database knowledge
  • You have excellent communication and interpersonal skills, with the ability to build relationships and influence others
  • You deal with problems by taking ownership and by collaborating with others
  • You are fluent in English (spoken and written)
  • You are comfortable in a multicultural environment
Job Responsibility
Job Responsibility
  • You will conduct and manage bug bounty programs, perform and manage penetration testing, and lead threat modelling sessions
  • You will automate internal flows for security data aggregation
  • You will integrate security tools by automated means
  • You will automate the handling of threat intelligence and environment data in order to enhance security controls
  • You will ensure our assets are properly reporting events to the SIEM, and support the definition of rules for generating alerts
  • You will support the other Infosec teams as a subject-matter expert
  • You may be required to travel occasionally, mainly inside the EU, to our main hubs
  • You will have the possibility of being on-call
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • Fulltime
Read More
Arrow Right

Vulnerability Management Technical Project Lead

The Tech Lead/ServiceLine Lead will be responsible for the operational, organisa...
Location
Location
India , Noida
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Total Experience Expected: 08-10 years
  • Bachelor's degree or Master's in Computer Science, Engineering, or related field
  • Proven leadership experience
  • Strong people management and client‑facing governance skills
  • Executive communication (FR/EN written & verbal reporting
  • Crisis management & escalation handling for P0/P1 situations
  • Data‑driven decision making using KPIs, dashboards, and trends
  • Continuous improvement & automation mindset
  • Proficiency in ServiceNow SECOPS (certification preferred), vulnerability detection and monitoring tools (Microsoft Defender for Endpoint EDR/XDR, WIZ, NESSUS PRO, Dynatrace), CMDB, VISIT, reporting tools (PowerBI, PowerPoint), and adherence to security standards and Client SLAs is required
Job Responsibility
Job Responsibility
  • Monitoring of critical P0 / P1 vulnerabilities
  • Steering CTI incidentology
  • Execution and governance of COD controls
  • Organisation of committees and reporting
  • Operational management and team skill development
  • Contribution to process, tool, and KPI optimisation
  • Promptly responding to P0/P1 vulnerabilities, including identification, assessment, patching, documentation, and development of remediation plans when patching is not possible
  • Coordinate and oversee P0 vulnerability follow-up meetings, communicate updates and remediation progress, escalate unresolved issues, and ensure compliance with established deadlines
  • To attend, present & track regular meetings and committee sessions with vulnerability status, track remediation efforts, report key performance indicators, and coordinate with divisions on security tools and control enhancements
  • Oversees the execution, analysis, and remediation of six COD controls, ensuring effective risk reduction and planning for additional controls to further mitigate cyber threats
  • Fulltime
Read More
Arrow Right

Vulnerability Management Senior Cyber Security Analyst

Location (Primary) - Noida / Chennai (Secondary) GCF Level - 2A(01 nos) & 2B(01 ...
Location
Location
India , Noida
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must hands on experience with detection and monitoring tools (Microsoft Defender for Endpoint EDR/XDR, WIZ, NESSUS PRO, Dynatrace)
  • Experience information system management and mapping tools (CMDB, VISIT)
  • Good knowledge of software distribution tools (SCCM, Intune, Satellite, Ansible, etc.), and reporting and analysis tools (PowerBI)
  • Experience with ServiceNow (SNOW), specifically the SECOPS module
  • Strong understanding of - On-prem infrastructure, SaaS / IaaS / Cloud workloads, Application vulnerability context
  • Ability to enrich findings using CMDB / asset mapping tools
  • Working knowledge of - SCCM, Intune, Ansible, Satellite
  • Stakeholder & Coordination Skills
  • Documentation & Effective Communication - Clear communication (EN/FR preferred) with structured documentation mindset
  • Process & Continuous Improvement Mindset
Job Responsibility
Job Responsibility
  • Oversee the receipt, analysis, and tracking of vulnerabilities from various sources (CERT, scanning tools, division reports)
  • manage backlog processing, and create or update vulnerability tickets using multiple detection and asset management tools
  • Assess and identify impacted assets across various environments
  • Qualify vulnerabilities by evaluating exposure, versions, severity, attack vectors, and client context
  • Enhance asset information using CMDB, and promptly issue alerts for critical vulnerabilities
  • Develop, implement, and coordinate remediation plans by analyzing security advisories and scan reports
  • Defining tailored action strategies (including patches, workarounds, and updates)
  • Prioritizing tasks, tracking requests in ServiceNow
  • Sending criticality-based reminders, and supporting remediation teams
  • Monitor and validate patch application by ensuring timely verification
  • Fulltime
Read More
Arrow Right