Information Security Engineer II

About the Role

MetroSys is seeking a skilled Information Security Engineer II to support and lead efforts around vulnerability management within a dynamic, enterprise-scale environment. This individual will be instrumental in identifying and addressing security vulnerabilities across systems, networks, and applications. The ideal candidate brings a deep understanding of vulnerability scanning tools, remediation prioritization, and collaborative risk mitigation strategies.

You will work closely with cross-functional teams to enhance the organization’s security posture and help ensure compliance with industry standards. If you thrive in fast-paced environments and are passionate about cybersecurity, this is an exciting opportunity to grow and make an impact.

Key Responsibilities

• Lead the end-to-end vulnerability management lifecycle: scanning, analysis, prioritization, reporting, and remediation tracking.

• Perform regular vulnerability assessments and support remediation efforts in collaboration with infrastructure and application teams.

• Track and assess emerging threats and zero-day vulnerabilities using vendor bulletins and threat intelligence feeds.

• Generate reports and dashboards to communicate risk posture and mitigation progress to technical and executive stakeholders.

• Maintain and optimize vulnerability scanning tools to ensure full visibility and accurate detection across the environment.

• Assist in security incident response involving known or suspected exploited vulnerabilities.

• Support regulatory and compliance audits (e.g., PCI, NIST, HIPAA) by providing documentation and metrics.

• Continuously improve processes, documentation, and tooling in the vulnerability management program.

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).

• 3+ years of experience in information security, with a strong emphasis on vulnerability management.

• Hands-on experience with scanning tools (e.g., Tenable, Qualys, Rapid7).

• Solid understanding of network architecture, operating systems (Linux, Windows), and web applications.

• Familiarity with CVSS scoring, risk modeling, and remediation prioritization frameworks.

• Ability to work with scripting or automation tools (Python, PowerShell, Bash) is a plus.

• Excellent communication and problem-solving skills; ability to clearly explain security findings to non-security audiences.

• Experience with compliance frameworks such as PCI DSS, NIST, HIPAA, or ISO 27001.

• Relevant certifications are a plus (e.g., CISSP, Security+, LFCS, RHCSA).

Powered by JazzHR