Baseline Hardening Engineer - w2

Be among the first 25 applicants.

Location – Oakland, CA.

The Expert Vulnerability & Baseline Hardening Engineer will support the Secure Technology Solutions Sustainability (STS) service by operating core vulnerability scanning platforms and implementing the enterprise hardening baseline and CSPM (Cloud Security Posture Management) architecture. This role is divided approximately 50/50 between administering and optimizing existing scanning solutions, and deploying baseline-hardening and CSPM tooling and processes across the enterprise.

• Maintain and operate enterprise vulnerability scanning platforms, with emphasis on network-based scanning tools such as Rapid7 Nexpose/Insight
  
  VM and Qualys VM.
• Support automation across on-prem and SaaS scanning tools (Rapid7, Qualys, Nucleus), including integration into workflow platforms such as Jira/Ivanti and credential stores such as Cyber Ark/Azure Key Vault.
• Ensure stability, coverage completeness, and accurate configuration of all vulnerability scanning solutions, including authenticated scanning of network appliances.
• Analyze improvement opportunities and implement platform enhancements in partnership with STS engineers and vendors (e.g., improved coverage, tuning, reporting, and configuration updates).
• Document operational procedures, automation workflows, configuration standards, and changes to scanning coverage or performance.
• Deploy and operationalize tools supporting hardening baseline scanning and CSPM, including Qualys Policy Compliance, Rapid7 Policy/Benchmark Scanning, Microsoft Defender for Cloud, Aqua, and Crowd Strike.
• Build and maintain hardening baseline and CSPM scan templates; ensure comprehensive asset onboarding and subscription to all required scans.
• Operate the recurring compliance and posture‑management cycle: generate reports, distribute findings to stakeholders, support prioritization, and provide remediation assistance or consultation.
• Establish and maintain documentation for scanning standards, operational workflows, asset onboarding procedures, reporting processes, and remediation guidance.
• Respond to vulnerability‑related inquiries and tickets using established STS processes and service workflows.
• Assist stakeholders in interpreting scan results, identifying false positives, and resolving configuration or remediation challenges.

• Minimum 2+ years of experience and Bachelor's degree.
• Minimum 7+ years of experience in information security solution implementation or security service delivery.
• Experience with vulnerability scanning platforms (Rapid7, Qualys, Aqua, or similar).
• Experience implementing compliance, configuration baseline, or CSPM solutions.
• Experience with designing and implementing automation for repetitive processes and workflows.
• Familiarity with cloud environments and CSPM technologies (e.g., Microsoft Defender for Cloud).
• Strong documentation skills and ability to operationalize repeatable processes.
• Ability to collaborate with engineers, application teams, and vendors to drive improvements.

Mid‑Senior level.

Contract.

Engineering and Information Technology.

Technology, Information and Internet.