Vulnerability Management Engineer

Quzara

Location:
United States

Contract Type:
Not provided

Salary:

Not provided

Job Description:

The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance. The position requires hands-on expertise with enterprise vulnerability scanning platforms and penetration testing toolchains, as well as a deep understanding of FedRAMP Continuous Monitoring (ConMon) and NIST 800-53 requirements. The ideal candidate is a practitioner who can operate independently in regulated environments, maintain audit-ready tooling, and translate scan output into actionable remediation guidance.

Job Responsibility:

  • Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements
  • Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation
  • Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage
  • Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness
  • Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation
  • Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines
  • Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational
  • Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities
  • Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments

Requirements:

  • 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments
  • Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation
  • Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit)
  • Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes
  • Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation
  • Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams
  • Must be a U.S. Citizen and eligible to support federal contracting environments

Nice to have:

  • Tenable Certified Nessus Expert
  • One or more of the following: Certified Ethical Hacker (CEH), CompTIA PenTest+, Certified Information Systems Security Professional (CISSP)

Additional Information:

Job Posted:
January 04, 2026

Employment Type:
Fulltime
Work Type:
Remote work

Similar Jobs for Vulnerability Management Engineer

Junior Vulnerability Management Engineer

We’re seeking a Junior Vulnerability Management Engineer to join our Security En...
Location:
Bulgaria, Sofia
Salary:
Not provided
European Bank for Reconstruction and Development
Expiration Date:
January 12, 2026
Requirements
  • High level of technical expertise in cybersecurity, including familiarity with relevant penetration and intrusion techniques and attack vectors
  • Understanding of web technologies
  • Grasp of core security fundamentals and concepts
  • Familiarity with the Open Web Application Security Project (OWASP) top 10 vulnerabilities
  • Understanding of offensive tools such as Metasploit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool
  • Proficient at creating their own scripts and regular expressions in their preferred scripting language
  • Technical knowledge in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
  • Technical knowledge in security engineering, system and network security, authentication and security protocols
Job Responsibility
  • Supports the planning, development and execution of vulnerability scans of the organisation's information systems
  • Assists with identifying and resolving false positive findings in assessment results
  • Assists with reconnaissance and information collection on the target environment or attack surface
  • Supports the identification of potential weaknesses and vulnerabilities on assets (i.e., end points, applications, users)
  • Supports the validation of weaknesses via exploitation, and reports their findings
  • Assists with providing recommendations on security controls and/or corrective actions for mitigating technical and business risk
  • Supports the creation of hypotheses for analytics and testing of threat data
  • Analyses data from threat and vulnerability feeds and analyses data for applicability to the organisation
  • Supports the generation of reports on assessment findings and summarises to facilitate remediation tasks
  • Assists with communicating lessons learned, initial indicators of detection and opportunities for strengthening signature-based detection capabilities
What we offer
  • Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in
  • A working culture that embraces inclusion and celebrates diversity
  • We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum)
  • An environment that places sustainability, equality and digital transformation at the heart of what we do
  • A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits
  • Fulltime

Engineering Manager, Offensive Security & Vulnerability Management

Join us in building the future of finance. Our mission is to democratize finance...
Location:
Canada, Toronto
Salary:
161500.00 - 190000.00 CAD / Year
Robinhood
Expiration Date:
Until further notice
Requirements
  • 5+ years of experience in security
  • 3+ years managing technical teams in Offensive Security, Red Teaming, or Vulnerability Management
  • Strong technical foundations in adversary simulation, threat modeling, and vulnerability lifecycle management
  • Strategic thinking, translating offensive findings and vuln data into business risk language and operational improvements
  • Experience building and scaling automated security validation (e.g. Purple teaming, attack simulation, continuous testing frameworks)
  • Operating in complex challenging environments and networks
  • Influence across functions and driving remediation outcomes without direct authority
Job Responsibility
  • Lead the Offensive Security team in planning and executing red team operations, internal penetration tests, and adversary emulation campaigns
  • Oversee the Vulnerability Management team responsible for running our bug bounty program as well as continuous discovery, triage, and remediation of vulnerabilities across infrastructure, applications, and cloud environments
  • Define and drive the strategy for Autonomic Security Operations, investing in automated testing and validation pipelines that codify security knowledge and detection coverage
  • Partner closely with engineering, product, threat intelligence and detection & response stakeholders to ensure controls are continuously tested and vulnerabilities are effectively surfaced
  • Build processes, tooling, and dashboards to track and communicate vulnerability and control assurance metrics to stakeholders and leadership
  • Contribute to long-term security planning by identifying control gaps, operational bottlenecks, and opportunities to scale security through automation
What we offer
  • bonus opportunities
  • equity
  • benefits
  • Fulltime

Engineering Manager, Offensive Security & Vulnerability Management

Robinhood’s Security Operations team is seeking a strategic and technical Senior...
Location:
United States, Menlo Park
Salary:
217000.00 - 255000.00 USD / Year
Robinhood
Expiration Date:
Until further notice
Requirements
  • 5+ years of experience in security
  • 3+ years managing technical teams in Offensive Security, Red Teaming, or Vulnerability Management
  • Strong technical foundations in adversary simulation, threat modeling, and vulnerability lifecycle management
  • Strategic thinking, translating offensive findings and vuln data into business risk language and operational improvements
  • Experience building and scaling automated security validation (e.g. Purple teaming, attack simulation, continuous testing frameworks)
  • Operating in complex challenging environments and networks
  • Influence across functions and driving remediation outcomes without direct authority
Job Responsibility
  • Lead the Offensive Security team in planning and executing red team operations, internal penetration tests, and adversary emulation campaigns
  • Oversee the Vulnerability Management team responsible for running our bug bounty program as well as continuous discovery, triage, and remediation of vulnerabilities across infrastructure, applications, and cloud environments
  • Define and drive the strategy for Autonomic Security Operations, investing in automated testing and validation pipelines that codify security knowledge and detection coverage
  • Partner closely with engineering, product, threat intelligence and detection & response stakeholders to ensure controls are continuously tested and vulnerabilities are effectively surfaced
  • Build processes, tooling, and dashboards to track and communicate vulnerability and control assurance metrics to stakeholders and leadership
  • Contribute to long-term security planning by identifying control gaps, operational bottlenecks, and opportunities to scale security through automation
What we offer
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
  • Fulltime

Vulnerability Management Security Engineer

As a Vulnerability Management Engineer, you will be a vital part of Adevinta's I...
Location:
Spain, Barcelona
Salary:
Not provided
Adevinta
Expiration Date:
Until further notice
Requirements
  • You have a hacker mindset, an open mindset, with technical skills and a passion for security
  • You have strong analytical and problem-solving skills, with the ability to synthesise complex data into actionable insights
  • You recognize the need for automation to handle problems at scale, and you can implement that automation
  • You are proficient in cloud operations, particularly in AWS but ideally also in GCP
  • You have excellent fundamental knowledge of network, protocol, system and application security, as well as of the industry-standard strategies and frameworks that apply
  • You have software development skills and database knowledge
  • You have excellent communication and interpersonal skills, with the ability to build relationships and influence others
  • You deal with problems by taking ownership and by collaborating with others
  • You are fluent in English (spoken and written)
  • You are comfortable in a multicultural environment
Job Responsibility
  • You will conduct and manage bug bounty programs, perform and manage penetration testing, and lead threat modelling sessions
  • You will automate internal flows for security data aggregation
  • You will integrate security tools by automated means
  • You will automate the handling of threat intelligence and environment data in order to enhance security controls
  • You will ensure our assets are properly reporting events to the SIEM, and support the definition of rules for generating alerts
  • You will support the other Infosec teams as a subject-matter expert
  • You will work in a hybrid remote/on-site environment, with the team physically spread across different geolocations (Adevinta’s hubs: Barcelona & Amsterdam)
  • You may be required to travel occasionally, mainly inside the EU, to our main hubs
  • You will have the possibility of being on-call
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • Fulltime

Senior Backend Engineer (Golang) Security & Vulnerability Management

Endor Labs is on a mission to enhance developer productivity and accelerate open...
Location:
India, Bengaluru
Salary:
Not provided
Endor Labs
Expiration Date:
Until further notice
Requirements
  • Bachelor's degree in engineering with 6-8 years of experience building scalable backends for product/SaaS companies
  • At least 3 years' experience in Golang programming with a focus on microservices/distributed architecture
  • Triaging, prioritizing and resolving vulnerabilities reported for containers and application-level dependencies, as well as solid knowledge of common standards in this space, e.g., CVE, CVSS, OVAL or PURL
  • Using two or more package managers of different ecosystems (e.g., Java/Maven, Node.js/npm or Debian/APT) for pulling and publishing artifacts, esp. in combination with company-internal registries, plus an understanding of their respective dependency specification formats, resolution algorithms and versioning conventions/formats
  • Practical experience in designing APIs with one or more frameworks (gRPC [preferred], ReST, GraphQL, Thrift, etc.)
  • Ability to build and design technical solutions from scratch, with code and documentation that can be used as an example for coding best practices at Endor
  • Scalable Distributed System Experience - understand micro-services and domain-driven design, load balancing, horizontal/vertical scaling, and stateless architectures
  • Architecture - knowledge of data structures and a keen eye for building architectures that scale and extend easily for longevity
  • Apply data-driven techniques to evaluate and propose architectural choices
  • Ability to discuss tradeoffs between architectural choices to influence groups to move in the right direction
Job Responsibility
  • Architect and build the core backend infrastructure for SaaS products
  • Design, architect, and build features end-to-end while working closely with Product Management and the engineering team
  • Ensure scalability, reliability, and performance of systems
  • Drive innovation, make critical architectural decisions, and lead the implementation of cutting-edge technologies
  • Troubleshoot distributed systems and solve root causes.
  • Fulltime

Vulnerability Management Technical Lead

The role includes managing and optimizing vulnerability management workflows usi...
Location:
India, Bengaluru
Salary:
Not provided
Sopra Steria
Expiration Date:
Until further notice
Requirements
  • 4 to 8 years of experience
  • engineering graduate - preferably B.E./B.Tech in IT or Computer Engineering
  • strong analytical skills
  • experience with security information and event management (SIEM) tools
  • ~5 years of experience in information security, specifically in end-to-end vulnerability management with 2-3 years hands-on Rapid7 experience
  • advanced degrees or certifications preferred
  • knowledge of current cybersecurity trends, threats, and techniques
  • understanding of regulatory requirements
  • ability to work independently and collaboratively
  • good interpersonal and communication skills
Job Responsibility
  • ensure that Rapid7 is fully and effectively implemented
  • assist with design, implementation, and optimization of automated tagging workflows
  • build and refine InsightVM dashboards and reports for insights
  • integrate Rapid7 with external systems for accurate asset context and automated remediation ticket creation
  • collaborate with IT teams to reduce false positives and orphaned assets
  • implement and support scan scheduling and tuning
  • assist in risk acceptance workflows
  • troubleshoot scan and synchronization issues
  • drive process improvements in vulnerability management workflow
  • deliver security reports and presentations
What we offer
  • inclusive and respectful work environment
  • positions open to people with disabilities
  • Fulltime

Engineering Manager

As the Engineering Manager for Checkout & Payments (m/f/d), you'll play a vital ...
Location:
Germany, Berlin
Salary:
Not provided
Cherry Ventures
Expiration Date:
Until further notice
Requirements
  • People leadership experience: Demonstrated experience building psychological safety, coaching engineers, and providing direct, compassionate feedback
  • You have a track record of hiring, developing, and retaining high-performing engineering teams
  • Payments domain expertise: Direct experience building or leading teams that operate payment systems at scale
  • You understand payment provider integrations, transaction reliability, idempotency patterns, and the complexities of processing payments across different methods and markets
  • Strong technical foundation: Solid knowledge of backend systems, microservices architecture, and building for scale
  • You can engage meaningfully in architectural discussions and guide your team toward quality trade-offs
  • Reliability mindset: Experience running high-reliability services with SLIs/SLOs, observability, and incident management practices
  • Communication skills: Ability to translate complex technical challenges into clear business impact for diverse stakeholders
Job Responsibility
  • Lead & Grow Engineers: Build a high-trust environment where engineers thrive and take ownership
  • You own end-to-end hiring, onboarding, and performance management, accountable for building and continuously improving how we attract talent
  • Ensure every team member has a clear career path and receives regular, actionable feedback
  • Help your team get 1% better every day
  • Drive Product & Business Impact: Partner with Product, Design, and Analytics to shape initiatives that directly impact Flink's revenue and customer experience
  • You'll work on challenges like increasing our Payment Success Rate, enabling customers to shop seamlessly across multiple devices, building internal tools that enable self-service for the products we build, and protecting our customers through fraud prevention initiatives
  • Own Critical Systems: Your team owns the systems that power the checkout experience, process payments, set prices, apply promotions, and present delivery options to customers (partnering with our dispatching teams to surface what's possible)
  • Guide Technical Direction: Shape the technology strategy for Checkout & Payments
  • Ensure your team makes the right technical decisions to deliver high-quality solutions reliably and repeatedly
  • You'll be included in architectural discussions, RFCs, and trade-off decisions, championing reliability, observability, and pragmatic engineering
What we offer
  • A €1000 annual L&D budget as well as individual coaching options to ensure you have plenty of opportunities to learn, grow and achieve your goals
  • 26 days of vacation, +1 day every year up to a maximum of 30 days
  • A mobility budget of 35 EUR per month for Deutschland Ticket subsidy
  • A cool discount on your Urban Sports Club membership
  • Attractive company pension options
  • Unlimited access to an e-learning and development platform, MyAcademy, including online German courses
  • Online discounts with Corporate Benefits and Future Bens
  • A cool discount off your personal Flink orders - be the first to test out new products!
  • A modern and dog-friendly office in the heart of Berlin - lots of delicious lunch spots available within short walking distance
  • Fulltime

Security Engineering Manager

Corporate Tools is looking for a Security Engineering Manager who eats vulnerabi...
Salary:
185000.00 USD / Year
Corporate Tools
Expiration Date:
Until further notice
Requirements
  • BS in Computer Science or equivalent experience
  • 5+ years building and securing software — hands‑on experience with web frameworks (Rails, Django, Node, etc.) and modern architectures
  • Proven application security expertise: secure SDLC, OWASP, threat modeling, exploit mitigation, and vulnerability remediation
  • Experience leading security or engineering teams — setting strategy, running scrums, conducting reviews, and mentoring talent
  • Strong knowledge of cloud environments (AWS, Azure, GCP) and securing databases (SQL/NoSQL) in production
  • Exposure to offensive and defensive security practices — red team, blue team, or incident response experience a plus
  • Ability to communicate risk and solutions to execs, engineers, and auditors — respected by hackers and trusted by leadership
  • Pragmatic mindset: knows when to enable speed, when to block, and how to automate guardrails to keep teams fast and safe
Job Responsibility
  • Lead 6 security engineers across three specialized teams: Red (offense), Blue (defense), and Orange (compliance)
  • Own the security strategy and execution for offensive testing, defensive monitoring, and compliance work — ensuring all three disciplines are aligned
  • Act as the technical anchor for the teams: review code, guide exploits, drive secure architecture decisions, and mentor engineers
  • Partner with product and engineering leads to embed security into development (threat modeling, secure coding, CI/CD guardrails)
  • Build internal security tools and automation that make it easier for product teams to ship securely
  • Oversee red team engagements and turn findings into actionable fixes, not just reports
  • Manage defensive capabilities — incident response, detection engineering, monitoring — and continually improve them
  • Ensure compliance frameworks (SOC2, ISO, PCI, etc.) are met without slowing innovation or creating unnecessary bureaucracy
  • Set a high technical bar: coach, mentor, and challenge engineers to pursue elegant, practical security solutions
  • Balance being a builder and a leader: stay hands‑on enough to earn respect from hackers, but prioritize leading and scaling the team’s impact
What we offer
  • 100% employer-paid medical, dental and vision for employees
  • Annual review with raise option
  • 22 days Paid Time Off accrued annually, and 4 holidays
  • After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
  • The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
  • Paid Parental Leave
  • Up to 6% company matching 401(k) with no vesting period
  • Quarterly allowance: use it to make your remote work setup more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
  • Open concept office with friendly coworkers