Vulnerability Management Engineer

A North Carolina-based financial services firm is currently seeking a new Vulnerability Management Engineer to join their growing team in Charlotte. In this role, the Vulnerability Management Engineer will primarily focus on security tool engineering in the vulnerability management space, integrating these tools with downstream repositories, and providing needful guidance on remediating findings.

***This is a Hybrid opportunity, requiring the qualified professional to work onsite at the company's Charlotte, NC office at least 3 days per week.***

Responsibilities:

• Addressing vulnerabilities identified in the company's on-prem and cloud infrastructure to ensure compliance with audit mandates
• Remediating issues flagged by vulnerability scanning tools, which require specific expertise to handle cloud-native threats
• Ensuring security hygiene for containerized applications, including vulnerability scanning and remediation for container images and lifecycle management
• Developing necessary integrations for key cybersecurity tools as outlined by the audit findings and managing data integration with security platforms to provide comprehensive coverage and visibility across systems
• Implementing automation for security processes to streamline threat detection and response, which is essential for meeting audit requirements and mitigating security risks efficiently
• Perform other duties, as needed

Qualifications:

• 5 years of experience in Cybersecurity, Vulnerability Management, and/or IT Security
• Bachelor's Degree in Computer Science, Information Security, Cybersecurity, or a related field
• Strong problem-solving and analytical skills
• Experience working in a fast-paced, high-security environment.

Desired Skills:

• Incident Response and Crisis Management experience
• Strong knowledge of vulnerability assessment tools (e.g., Tenable Nessus, Qualys, Rapid7, CrowdStrike Falcon Spotlight).
• Experience with SIEM platforms (e.g., Splunk, ELK Stack) and security automation tools
• Understanding of patch management processes and endpoint security solutions
• Proficiency in cloud security (AWS, Azure, Google Cloud) and container security.
• Knowledge of secure coding practices and application security testing
• Familiarity with penetration testing methodologies and threat modeling
• Knowledge of NIST, CIS, ISO 27001, PCI-DSS, SOX, and FFIEC guidelines
• Experience with compliance audits and risk assessments in a financial environment
• Experience in the Financial Services and/or a highly-regulated industry