Vulnerability Management Specialist
Indexed description
The ideal candidate is highly analytical, detail-oriented, and comfortable operating in a metrics-driven, SLA-based environment, with the ability to translate technical findings into actionable remediation guidance.
The selected candidate will be required to work a hybrid schedule (3 days in office/2 remote) out of our Dallas, TX, or Cincinnati, OH office. No relocation assistance is being offered with this role.
Key Accountabilities/Deliverables:
- Conduct continuous vulnerability scanning across enterprise assets using Qualys and related tools.
- Analyze scan results to validate findings, remove false positives, and assess exploitability.
- Prioritize vulnerabilities using CVSS, Qualys Detection Score (QDS), asset criticality, and business impact.
- Enforce remediation SLAs aligned to severity levels: Critical: 7 days, High: 30 days, Medium: 60 days, Low: 180 days.
- Partner with Infrastructure, EUC, Cloud, and Application teams to drive timely remediation.
- Support remediation activities using Qualys, Intune, JAMF, PolicyPak, and Microsoft Defender.
- Ensure vulnerability management activities aligned with NIST, CIS Controls, ISO 27001, and insurance regulatory expectations.
- Partner with Threat Intelligence and SOC teams to assess vulnerability exposure related to active threats.
- Develop scripts (PowerShell) and workflows to support remediation, reporting, and validation.
- Strong understanding of: CVSS scoring and risk prioritization, patch management and remediation workflows, endpoint, server, and cloud security fundamentals.
- Ability to analyze technical findings and communicate risk clearly to non-security teams.
- Strong documentation and organizational skills.
- 4+ years of experience in vulnerability management, security engineering, or threat operations.
- Hands-on experience with vulnerability scanning platforms (Qualys preferred; Tenable/Rapid7 acceptable).
- Experience working with Intune, JAMF, or similar endpoint management tools.
- CompTIA Security+
- Qualys Vulnerability Management certifications
- GIAC certifications (e.g., GSEC, GCIH)
- CISSP (or progress toward certification)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search