Vulnerability Remediation Engineer

Job Title: Vulnerability Remediation Engineer Location: Raritan, NJ 08869 / REMOTE Job Description: • Implement capabilities for a global Vulnerability Management program: internal/external exposure, imminent threats, prioritization, remediation facilitation. • Serve as technical SME for vulnerability tools and processes (Tenable, Qualys, Rapid7, or equivalent). • Continuously improve VM processes for coverage, efficiency, and visibility. • Leverage automation, analytics, and threat intelligence to improve accuracy and reduce remediation timelines. • Operate/optimize scanning platforms, discovery tooling, and reporting pipelines for asset visibility. • Partner with Infrastructure, Engineering, Application, and Cloud teams to reduce risk across environments. • Lead critical vulnerability identification and response exercises, including zero-day/imminent threats. • Develop and maintain metrics, dashboards, and executive-level reporting on posture, remediation progress, and program maturity. • Track and communicate remediation SLAs, risk reduction, and program improvements. Qualifications and Skills: • Technical proficiency across network, system, and application layers; scanning, asset discovery, and exploit analysis • Hands-on experience with VM tools (e.g., Tenable.io, Qualys VMDR/WAS, Rapid7 InsightVM/AppSec) and discovery utilities (Nmap, SSLScan, Shodan, BitSight, Security Scorecard, custom scripts). • Knowledge in threat intel and data-driven prioritization (CVSS/CISA/EPSS). • Strong cloud understanding (AWS, Azure, GCP) and modern app stacks. • Scripting/automation (Python, PowerShell, Bash) and data analysis (SQL, Excel). • Scale-ready processes, metrics, dashboards, and analytics (Tableau, PowerBI). • Cross-functional collaboration; clear risk communication to technical and business stakeholders. • Knowledge of IT processes, secure baselines, and control frameworks (CIS, NIST, ISO, Microsoft, etc.). Preferred: • Relevant certifications such as OSCP, GWAPT, CEH, or CSSLP. • Experience working in Agile and DevSecOps environments. • Knowledge of containerized applications and security tools (e.g., Docker, Kubernetes, etc.). • Understanding of regulatory compliance requirements (e.g., PCI DSS, GDPR, HIPAA). • Experience with penetration testing and exploit development. Apply tot his job