Back to search
Simfluent Linkedin · Posted 1mo ago

Vulnerability Security Engineer

India

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Position Overview:

We are looking for a hands-on Security Engineer to lead vulnerability management and PKI operations within the Information Security Operations team. This role will engineer the vulnerability management lifecycle across our data center, endpoint, and cloud VM environments, driving remediation through strategic partnerships with infrastructure teams. In addition, the role will oversee Enterprise Machine Identity, managing the lifecycle of public-facing and internal SSL/TLS certificates while championing automation to eliminate manual toiland prevent certificate-related outages.

The ideal candidate brings deep expertise in Risk-Based Vulnerability Management (RBVM) using platforms like Crowdstrike, understands complex patching cycles across hybrid infrastructure, and is well-versed in automated certificate lifecycle management using tools like Sectigo or DigiCert. A strong technical foundation in modern internal CA/PKI architecture and cryptography principles is required

Job Responsibilities:
Vulnerability & Exposure Management

 Engineer and mature the Crowdstrike Vulnerability Management platform, optimizing scan coverage, asset tagging, credential management, and API integrations.

 Champion Risk-Based Vulnerability Management (RBVM) by contextualizing

vulnerabilities with threat intelligence (e.g., CISA KEV, EPSS, CVSS) to prioritize

remediation of high-risk assets.

 Partner closely with infrastructure and cloud teams to drive remediation within established SLAs, transforming monthly patch meetings into data-driven risk discussions.

 Design and maintain automated reporting dashboards and KPIs/KRIs to track scan health, remediation velocity, and overall risk reduction.

 Formulate and drive the remediation strategy for End-of-Life (EOL) systems, acting as a primary advisor on legacy system risk mitigation.

PKI, Cryptography & Machine Identity Management

 Lead the Enterprise Certificate Lifecycle Management (CLM) strategy:

  • Oversee issuance, renewals, and revocation of SSL/TLS certificates,ensuring

zero unplanned downtime due to expirations.

  • Drive PKI automation initiatives (e.g., utilizing ACME, SCEP, or REST APIs) to

transition from manual ServiceNow requests to zero-touch provisioning.

 Architect and maintain proactive, continuous monitoring and alerting for all managed internal and public-facing certificates.

 Manage certificate issuance processes through root authorities like DigiCert (including specialized certs like Verified Mark Certificates/VMC).

 Act as the Subject Matter Expert (SME) for internal Certificate Authority (CA)

architecture, advising on cryptography best practices, key generation, and secure secrets management.

Basic Qualifications:
 5+ years of experience in IT security or infrastructure, with a specialized focus on vulnerability risk management and PKI operations.

 Hands-on administrative experience with Crowdstrike Falcon Spotlight, Qualys, or similar enterprise-grade exposure management platforms.

 Deep experience managing SSL/TLS certificates via platforms like Sectigo, DigiCert, or Venafi, with a strong track record of automating certificate deployments.

 Solid understanding of vulnerability prioritization frameworks, infrastructure patching lifecycles, and integration with ITSM tools (e.g., ServiceNow/Jira for automated ticketing).

 Strong technical grasp of internal PKI/CA principles, modern cryptography, and machine identity best practices.

 Proven ability to influence cross-functional technical teams, driving remediation efforts without direct authority.

 Excellent technical documentation and communication skills, capable of translating technical vulnerabilities into business risk.

Preferred Skills:
Experience integrating Vulnerability Management or PKI workflows with

orchestration/automation tools (e.g., Python, PowerShell, Ansible, or SOAR platforms).

 Experience with External Attack Surface Management (EASM) or Cloud Security

Posture Management (CSPM) tools.

 Advanced understanding of EOL system risk mitigation (network segmentation, virtual

patching).

 Security certifications such as CISSP, CISM, GIAC (e.g., GSEC, GCIA), or specific

vendor certifications.

 Bachelor's degree in Cybersecurity, Information Technology, or a related field

We are proud to offer a competitive salary alongside a strong insurance package. We pride ourselves on the growth of our employees, offering extensive learning and development resources

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent