Vulnerability Engineer: Scans, Remediation & SIEM Dashboards

Responsibilities

• Perform scheduled and ad-hoc vulnerability scans using VMS
• Validate remediation of vulnerabilities identified by VMS
• Analyze scan results, validate findings, and eliminate false positives
• Prioritize vulnerabilities based on CVSS scores and organizational risk context
• Coordinate with system owners to validate fixes, perform rescans, and ensure closure within SLA timelines
• Track remediation progress and generate regular vulnerability reports
• Track compliance with patching SLAs
• Perform host configuration reviews(e.g., CIS benchmarks)
• Maintain and update scan policies, plugins, and configurations
• Monitor security events and logs using Splunk
• Develop and fine-tune search queries, dashboards, and alerts
• Perform log reviews to identify anomalies, suspicious patterns, and threats
• Correlate logs across multiple sources (servers, firewalls, endpoints, applications)
• Investigate alerts and elevate confirmed incidents
• Prepare audit artifacts such as vulnerability reports, log review records
• Maintain SOPs for vulnerability scanning and log monitoring processes
• Assist in system hardening and patch validation after vulnerability remediation
• Assist in improving security controls and system hardening
• Stay updated on emerging vulnerabilities and threat intelligence

• Hands-on experience with Nessus (scan configuration, report analysis)
• Understanding of vulnerability scoring (CVSS), patching, and risk prioritization
• Familiarity with log sources:
  Windows Event Logs, Linux sys logs, firewall logs, application logs
• Conduct periodic reviews of privileged and administrative accounts across systems and applications
• Investigate suspicious activities such as privilege escalation or abnormal admin actions
• Ensure compliance with security policies and standards for privileged access
• Provide security recommendations and guidance to technical teams during system changes or deployments
• Support audit and compliance activities by liaising with stakeholders to gather required evidence
• Ability to follow structured processes and compliance requirements
• Good communication skills for working with system owners and auditors