Vulnerability Management Specialist

Job Summary

The Vulnerability Management Specialist is a hands‑on individual contributor responsible for executing Core Specialty’s vulnerability management program across endpoints, servers, cloud resources, and applications. The role focuses on continuous vulnerability scanning, risk analysis, remediation coordination, and reporting, working closely with IT, Infrastructure, Endpoint, and Threat teams in a metrics‑driven, SLA‑based environment.

• Conduct continuous vulnerability scanning across enterprise assets using Qualys and related tools.
• Analyze scan results to validate findings, remove false positives, and assess exploitability.
• Prioritize vulnerabilities using CVSS, Qualys Detection Score (QDS), asset criticality, and business impact.
• Enforce remediation SLAs aligned to severity levels:
  Critical: 7 days, High: 30 days, Medium: 60 days, Low: 180 days.
• Partner with Infrastructure, EUC, Cloud, and Application teams to drive timely remediation.
• Support remediation activities using Qualys, Intune, JAMF, Policy Pak, and Microsoft Defender.
• Ensure vulnerability management activities align with NIST, CIS Controls, ISO 27001, and insurance regulatory expectations.
• Partner with Threat Intelligence and SOC teams to assess vulnerability exposure related to active threats.
• Develop scripts (Power Shell) and workflows to support remediation, reporting, and validation.

• 4+ years of experience in vulnerability management, security engineering, or threat operations.
• Hands‑on experience with vulnerability scanning platforms (Qualys preferred; Tenable/Rapid7 acceptable).
• Experience working with Intune, JAMF, or similar endpoint management tools.
• Strong understanding of CVSS scoring and risk prioritization, patch management and remediation workflows, endpoint, server, and cloud security fundamentals.
• Ability to analyze technical findings and communicate risk clearly to non‑security teams.
• Strong documentation and organizational skills.
• Preferred certifications:
  CompTIA Security+, Qualys Vulnerability Management certifications, GIAC certifications (e.g., GSEC, GCIH), CISSP or progress toward certification.

Hybrid schedule: 3 days in office and 2 days remote, based out of Dallas, TX or Cincinnati, OH. No relocation assistance is offered.

Eligible candidates must be authorized to work in the United States; no visa sponsorship will be provided.

• Competitive salary and opportunities for professional development and advancement.
• Medical, dental, vision, and life insurance.
• Short and long‑term disability insurance.
• Company‑match 100% of a 6% contribution 401(k) plan.
• Employee Assistance Plan.
• Health Savings Account, Flexible Spending Account, Health Reimbursement Account.
• Wellness program.