Vulnerability Remediation Engineer

Job Title: Vulnerability Remediation Engineer

Location: Raritan NJ 08869 / REMOTE

Job Description:

• Implement capabilities for a global Vulnerability Management program: internal/external exposure imminent threats prioritization remediation facilitation.
• Serve as technical SME for vulnerability tools and processes (Tenable Qualys Rapid7 or equivalent).
• Continuously improve VM processes for coverage efficiency and visibility.
• Leverage automation analytics and threat intelligence to improve accuracy and reduce remediation timelines.
• Operate/optimize scanning platforms discovery tooling and reporting pipelines for asset visibility.
• Partner with Infrastructure Engineering Application and Cloud teams to reduce risk across environments.
• Lead critical vulnerability identification and response exercises including zero-day/imminent threats.
• Develop and maintain metrics dashboards and executive-level reporting on posture remediation progress and program maturity.
• Track and communicate remediation SLAs risk reduction and program improvements.

Qualifications and Skills:

• Technical proficiency across network system and application layers; scanning asset discovery and exploit analysis
• Hands-on experience with VM tools (e.g. Qualys VMDR/WAS Rapid7 InsightVM/AppSec) and discovery utilities (Nmap SSLScan Shodan BitSight Security Scorecard custom scripts).
• Knowledge in threat intel and data-driven prioritization (CVSS/CISA/EPSS).
• Strong cloud understanding (AWS Azure GCP) and modern app stacks.
• Scripting/automation (Python PowerShell Bash) and data analysis (SQL Excel).
• Scale-ready processes metrics dashboards and analytics (Tableau PowerBI).
• Cross-functional collaboration; clear risk communication to technical and business stakeholders.
• Knowledge of IT processes secure baselines and control frameworks (CIS NIST ISO Microsoft etc.).

Preferred:

• Relevant certifications such as OSCP GWAPT CEH or CSSLP.
• Experience working in Agile and DevSecOps environments.
• Knowledge of containerized applications and security tools (e.g. Docker Kubernetes etc.).
• Understanding of regulatory compliance requirements (e.g. PCI DSS GDPR HIPAA).
• Experience with penetration testing and exploit development.