Senior Vulnerability Management Engineer

Senior Vulnerability Management Engineer

Join the Cisco team as a Senior Vulnerability Management Engineer and help protect the world’s data insights by advancing Splunk’s vulnerability management capabilities.

The Vulnerability Management team (part of Splunk Global Security) is a globally diverse group of engineers focused on a risk‑based approach to security. We partner closely with business and engineering stakeholders to uncover technical and process risks, provide actionable guidance, and drive remediation across Cisco and Splunk products.

As a senior engineer, you’ll transform complex security data into clear, actionable insights for stakeholders. You’ll use data science and advanced visualization to deliver risk metrics, trend analyses, and remediation status that inform strategic decisions.

• Build solutions and capabilities to enhance the Vulnerability Management Program, such as automation, data analysis, and process improvements.
• Serve as the subject‑matter expert on vulnerability management practices.
• Analyze vulnerability data, identify trends, and perform root‑cause analysis.
• Assist in developing new security standards and baselines.
• Lead vulnerability assessments and act as the primary point of contact for engineering teams to drive remediation of security concerns and incidents.
• Respond to emerging security events and threats.
• Triage vulnerabilities to provide company‑specific severity guidance.
• Ensure remediation teams comply with regulatory standards.
• Lead security discussions, propose solutions to security tools, and discuss tool enhancements within your focus area.
• Develop SOPs, performance metrics, and reporting mechanisms aligned with SLAs and critical metrics.
• Engage leadership, customers, and auditors to provide updates, recommendations, and briefings.

• Bachelor’s degree with 8+ years of experience in vulnerability management or information security, or Master’s degree with 6+ years, or PhD with 5+ years of related experience.
• Experience with risk‑based vulnerability management, configuration compliance assessments, and security prioritization methodologies.
• Strong communication skills for conveying risk and urgency to executives and technical teams.
• Proficiency with vulnerability scanning and configuration compliance platforms such as Tenable, Qualys, Rapid7, Wiz, Prisma, or similar.
• Knowledge of CIS Benchmarks, DISA STIGs, and other external compliance standards.
• Experience with container and container orchestration security (Docker, Kubernetes, etc.).
• Analytical and problem‑solving skills with a balance of security needs and business impact.
• Deep knowledge of cloud operational models and secure SaaS architecture.
• Familiarity with compliance requirements for PCI DSS, SOC2, HIPAA, FedRAMP.

• Experience with Splunk Search Processing Language (SPL).
• Experience applying FISMA and FedRAMP processes and policies to information systems.
• Automation and scripting experience (Python, SOAR, API integrations).
• Industry certifications such as CISSP, CCSP, CompTIA CySA+, cloud vendor security credentials.

Cisco provides a comprehensive benefits program that includes medical, dental, vision, 401(k) with company match, paid parental leave, flexible vacation, and competitive equity and bonus opportunities.