
Senior Vulnerability Management Engineer

Job in Irvine, Orange County, California, 92618, USA
Listing for: Tekfortune Inc.
Full Time position
Listed on 2026-06-07
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Job Description & How to Apply Below
Job Title: Senior Vulnerability Management Engineer

Location: Onsite-Irvine / Remote

Experience: 8-12+ years in Cybersecurity, with strong hands-on Vulnerability Management experience
_______________________________

Role Overview
We are seeking a Senior Vulnerability Management Engineer to lead and mature the organization's vulnerability management program. This role requires deep hands-on expertise with Rapid7 InsightVM, risk-based prioritization, remediation governance, and collaboration with infrastructure, cloud, and application teams. The ideal candidate will drive vulnerability reduction through automation, intelligent prioritization, and strong stakeholder engagement.
________________________________________

Key Responsibilities
Vulnerability Management & Risk Prioritization
• Own and manage the end-to-end vulnerability management lifecycle using Rapid7 InsightVM.
• Conduct authenticated vulnerability scanning across on-prem, cloud (AWS/Azure), External, and DMZ assets.
• Analyze vulnerabilities using CVSS v3, Rapid7 Real Risk Score, exploitability, and asset criticality.
• Identify and escalate Critical vulnerabilities, including Zero-Day and KEV-listed exposures.
• Define and enforce Vulnerability Prioritization & SLA models (Critical, High, Medium, Low).
________________________________________
Remediation & Stakeholder Collaboration
• Partner with Infrastructure, Cloud, DevOps, and Application teams to drive timely remediation.
• Create and manage remediation projects within Rapid7.
• Validate fixes through rescans and evidence collection.
• Support risk acceptance workflows, ensuring business justification and governance approvals.
________________________________________
Dashboards, Reporting & Metrics
• Build executive-level dashboards and reports showing:
  o Total vulnerabilities
  o Critical/High trends
  o MTTR and SLA compliance
  o Risk score reduction
• Provide audit-ready reporting for PCI DSS, SOX, HIPAA, ISO 27001, and NIST.
• Track KPIs such as vulnerability aging, repeat findings, and remediation velocity.
________________________________________
Automation & Integration
• Integrate Rapid7 with ServiceNow for automated ticket creation and SLA tracking.
• Use Python, PowerShell, or APIs to automate vulnerability workflows and reporting.
• Embed vulnerability scanning into CI/CD pipelines to support DevSecOps practices.
________________________________________
Cloud & Infrastructure Security
• Assess vulnerabilities in AWS/Azure workloads including compute, networking, IAM, and storage.
• Review cloud misconfigurations and coordinate remediation with cloud teams.
• Ensure proper tagging and asset classification for accurate risk scoring.
________________________________________
Governance & Continuous Improvement
• Maintain vulnerability management policies, standards, and procedures.
• Lead continuous improvement initiatives to reduce false positives and scanning gaps.
• Provide mentoring and technical guidance to junior analysts and engineers.
• Support internal and external security audits.
________________________________________
Required Skills & Qualifications
Technical Skills
• Strong hands-on experience with Rapid7 InsightVM / Nexpose
• Deep understanding of CVSS v3, exploit intelligence, and risk-based prioritization
• Experience with Zero-Day, KEV, and threat intelligence integration
• Cloud security experience in AWS and/or Azure
• Familiarity with SIEM tools (Splunk, QRadar) for correlation and validation
• Automation and scripting skills (Python, PowerShell, APIs)
• Ticketing and workflow integration with ServiceNow / JIRA
________________________________________
Frameworks & Compliance
• NIST CSF / NIST 800-53 / ISO 27001
• PCI DSS, SOX, HIPAA (as applicable)
• Secure SDLC and DevSecOps principles
________________________________________
Soft Skills
• Strong communication and stakeholder management
• Ability to translate vulnerability risk into business impact
• Leadership and mentoring capabilities
• Detail-oriented with strong analytical skills
________________________________________
Preferred Certifications
• CISSP / CISM
• CCSK / AWS or Azure Security certifications
• Rapid7 InsightVM experience preferred
________________________________________
Success Measures
• Reduction in Critical and High vulnerabilities
• Improved MTTR and SLA compliance
• Accurate risk prioritization with fewer false positives
• Measurable reduction in organizational risk score
• Positive audit and compliance outcomes
Position Requirements
10+ Years work experience