Senior Associate Information Security Engineer

About the Role

Key duties include configuring and executing scheduled and ad‑hoc network and host scans, developing scanning strategies for comprehensive coverage, and analyzing vulnerability data to spot trends and impacts. The analyst partners with enterprise stakeholders to prioritize remediation, notifies system owners, and tracks progress against SLAs. Regular metrics are created and presented to management, and OS baseline configurations are maintained in line with CIS controls. • Configure and run scheduled and ad‑hoc network and host vulnerability scans using enterprise‑grade tools. • Develop and refine scanning strategies to ensure full coverage across all environments. • Analyze scan results to identify trends, assess impact, and report findings to stakeholders. • Collaborate with cross‑functional teams to prioritize remediation based on compliance and risk factors. • Notify system owners and guide them to meet remediation SLAs through formal processes. • Produce weekly and monthly metrics and present them to management and executive audiences. • Maintain and validate OS baseline configurations aligned with CIS Critical Security Controls. • Communicate risk assessments and recommend security controls to stakeholders at all levels. • Evaluate exposure to zero‑day and high‑severity vulnerabilities for timely response. • Operate vulnerability scanning platforms (e.g., Nexpose, Nessus, Qualys) and apply CVSS/MITRE ATT&CK frameworks. • Leverage automation with Python, PowerShell, or similar to streamline repetitive tasks. • Utilize asset and application management systems to scale vulnerability workflows. • Work closely with security operations, fusion centers, and incident response teams. • Apply knowledge of compensating controls to aid remediation prioritization.

Key Responsibilities

• ▸vulnerability scanning
• ▸scan strategy
• ▸risk analysis
• ▸remediation coordination
• ▸metrics reporting
• ▸automation scripting

What You Bring

The Threat and Vulnerability Management (TVM) Analyst drives security by identifying, assessing, and reporting vulnerabilities across corporate assets, aiming to reduce exploitation risk and meet remediation SLAs. The role involves vulnerability scanning, risk analysis, patch management, and coordination with multiple internal teams across cloud, container, and application environments. Proficiency with scanners, cloud security, software development practices, and compliance frameworks is essential. Successful candidates have hands‑on experience with vulnerability scanning platforms such as Nexpose, Nessus or Qualys, strong knowledge of operating systems, networks, virtualization and cloud environments, and familiarity with risk frameworks like CVSS and MITRE ATT&CK. Automation skills in Python, PowerShell or similar, and experience working with security operations or fusion centers are required. Candidates must be self‑motivated, possess strong communication abilities, hold a bachelor’s degree (master’s preferred), and ideally hold information‑security certifications. • Demonstrate self‑starter attitude, strong communication, and ability to work independently. • Hold a bachelor’s degree (master’s preferred) and relevant information‑security certifications.

Requirements

• ▸vulnerability scanners
• ▸python
• ▸powershell
• ▸cvss
• ▸mitre att&ck
• ▸bachelor's

Work Environment

Office Full-Time