Security Engineer, II (Vulnerability Management Specialist)

Vulnerability Management SpecialistPay Rate: $54/hour Position SummaryThe Vulnerability Management Specialist is responsible for identifying, assessing, prioritizing, and driving remediation of security vulnerabilities across on-premises and cloud environments. This role focuses on automating asset discovery, integrating asset intelligence with risk-based prioritization, and enabling continuous monitoring to protect critical systems and data.The Specialist will enhance and mature the organization’s vulnerability management program by implementing modern tools, optimizing remediation workflows, and aligning activities with current threat intelligence. This role partners closely with IT, engineering, and security teams to ensure vulnerabilities are remediated efficiently, consistently, and in accordance with security policies and regulatory requirements.Key Responsibilities

• Identify, assess, and prioritize vulnerabilities across infrastructure, endpoints, servers, applications, and cloud environments.
• Automate device discovery and asset inventory to improve visibility and risk-based remediation.
• Implement and manage vulnerability management platforms and supporting security tools.
• Develop and enhance workflows to improve remediation timelines and operational efficiency.
• Align remediation activities with threat intelligence and emerging risk trends.
• Collaborate with IT, engineering, and security teams to coordinate remediation efforts.
• Provide after-hours and weekend support as required in a 24x7 incident response environment.
• Investigate and remediate security incidents in accordance with established incident response protocols, including escalation and communication procedures.
• Implement and monitor security controls to protect systems, networks, and data.
• Configure, maintain, and troubleshoot security infrastructure devices.
• Prepare and maintain documentation, including standard operating procedures and incident reports.
• Recommend security enhancements and strategic improvements to leadership.
• Develop technical solutions and automation tools to mitigate vulnerabilities and reduce manual effort.
• Prepare reports detailing security incidents, remediation activities, and risk exposure.
• Identify and define system security requirements.
• Perform other duties as assigned.

Minimum Qualifications

• Associate’s degree in Computer Science or a related field OR an equivalent combination of education and experience.
• Minimum five (5) years of experience in Information Security.
• Proven experience as a System Security Engineer, Information Security Engineer, or similar role.
• Experience working with and maintaining enterprise security systems.
• Healthcare industry experience preferred.
• Experience with regulatory and compliance frameworks such as PCI, HIPAA, and NIST.
• Strong understanding of security control concepts including physical, logical, and administrative controls.

Knowledge, Skills, and Abilities

• Detailed technical knowledge of operating system security (Windows, Linux, etc.).
• Hands-on experience with security systems such as:
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Anti-virus/Endpoint Protection platforms
  • Authentication and access control systems
  • Log management and SIEM platforms
  • Content filtering and web security tools
• Experience with network security and networking technologies (firewalls, VPNs, segmentation).
• Experience implementing and maintaining vulnerability management tools.
• Strong analytical and problem-solving skills.
• Ability to assess risk and recommend both short- and long-term mitigation strategies.
• Ability to work effectively in a fast-paced, high-availability environment.
• Strong written and verbal communication skills.
• Ability to minimize business disruption while addressing security risks.

Work EnvironmentThis role operates within a 24x7 security and incident response model and may require after-hours or weekend support as needed to maintain system security and availability.