Vulnerability Management Engineer II (Remote) job in Remote...

Vulnerability Management Engineer II (Remote)
Deepwatch, inc.Remote30+ days ago
Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!
Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.
Deepwatch recognition includes:

  • Forbes America’s Best Startup Employers 2022

  • Great Place to Work® Certified 2022

  • Cybersecurity Excellence Award for MDR 2022

  • Forrester: Top 10 MDR

  • Goldman Sachs portfolio company: $53m Series B investment 2020

Position Summary
The Vulnerability Management Engineer II will be responsible for overseeing the operation of vulnerability assessments for assigned customers. The Vulnerability Management Engineer II will implement and oversee scanning technologies to discover, prioritize security flaws for remediation, and collaborate with system and application owners to facilitate the remediation and closure of vulnerabilities.
The Vulnerability Management Engineer II will operationally integrate with the customer’s patch management activities and perform validation of applied and/or missing patches. Additionally, they will perform security testing on pre-production systems and applications to close vulnerabilities prior to production deployment.
Position Responsibilities

  • Work with Deepwatch customers to deliver vulnerability identification and management as a service

  • Oversee and support the MSS delivery team and the customers’ multiple vulnerability management work streams

  • Ensure the delivery of services within the agreed upon service-level commitments

  • Discover and group network connected systems for network-based vulnerability scanning

  • Conduct regular vulnerability scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components

  • Collaborates with infrastructure and application owners on security hot-fixes or patch management validation

  • Analyze vulnerabilities for false positives, and prioritization based on risk to customers

  • Generate remediation action plans and corresponding tickets for system and application owners to remediate identified flaws

  • Collaborate with system and application owners through the remediation lifecycle

  • Perform security testing and vulnerability scanning on pre-production system and application deployments

  • Develop periodic reports on the discovery and closure of vulnerabilities to maintain stakeholder accountability

  • Supports the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management

  • Understanding of Web Application Security scanning and vulnerabilities

  • Assist in documenting standard operating procedures

  • Mentor, coach, and train other individuals within the Deepwatch organization

  • Develop and produce vulnerability blog posts, vulnerability summary sheets, or zero-day reports to be given to customers

  • Responsible for be being able to speak to NIST, CIS, or other hardening guidelines

  • Ability to speak in-depth on mitigation factors that can be implemented for Zero-Days, Firewalls, IDS/IPS, or other tool sets that can be utilized in order to reduce overall risk within customer’s organizations

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required Experience, Skills and Knowledge

  • Bachelor’s Degree in a technical discipline, or equivalent experience

  • 5+ years of increasingly progressive experience in cyber security or information technology security roles, preferably managing organizational security programs

  • Strong customer service and communication skills, both oral and written with the ability to build relationships at all levels

  • An unwavering commitment to customer satisfaction

  • Demonstrated ability to effectively manage projects

  • Strong understanding of information security common bodies of knowledge

  • Strong understanding and experience with risk management concepts and techniques

  • Practical experience, and demonstrated success, developing and managing an organizational vulnerability management program

  • Fundamental knowledge of network vulnerability scanning technologies

  • Fundamental knowledge of web application security testing utilities

  • Understanding of Web Application Security vulnerabilities and mitigating defenses

  • Experience with vulnerability remediation management and patching

  • Knowledge of vulnerability management best practices from NIST, ISO, PCI, OWASP, and CIS

  • Experience in deploying and operating vulnerability scanning infrastructure, services and solutions

  • Hands-on experience testing web application security

  • Fundamental technical skills in the following areas:

    • Active Directory

    • Windows

    • Linux

    • Networking

  • Experience in scripting languages, such as Python, Ruby, Perl, etc.

  • Proficient in the use of data manipulation, dashboard and reporting tools

  • In-depth knowledge and experience with Microsoft Office products, such as Word, Excel and PowerPoint

  • Will require occasional travel to the client site, up to 25%

  • Ability to pass a pre-employment background and drug screen in accordance with applicable laws

Preferred Experience, Skills and Knowledge

  • Graduate Degree in a technical discipline, or equivalent experience

  • Industry recognized certifications, such as GEVA, CISSP, CISM, GPEN, GIAC, CISA, etc.

  • Project management experience

  • Experience managing large complex projects

  • Security consulting or managed services experience

ITAR Compliance
This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

  • A citizen of the U.S.

  • A lawful permanent resident of the United States

  • A person admitted to the United States as a refugee

  • A person that has been granted asylum by the United States government

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.
Colorado* Candidates:
For applicants in Colorado, the salary range for this role is $92,000 to $115,000 + bonus + commissions + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.

  • Note: Disclosure as required by sb19-085 (8-5-20).

What We Offer:
Deepwatch is excited to provide benefits designed to support team members and their families. Including:

  • Medical, dental, vision, and disability insurance

  • Paid time off, holidays, and family leave

  • 401(K) retirement program with employer match

  • Unique professional development benefits, starting at $3,000 annually

  • Learn more here:

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.
Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact [email protected] for further information.
All Deepwatch employees are expected to:

  • Be interested in and able to work remotely from a home office when not at a corporate office

  • Pass a pre-employment background and drug screen in accordance with applicable laws

Equal Opportunity Employer
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information.

Cyber Security Assistant Trainer
Institute of Data


4 hours ago
You can demonstrate experience with penetration testing - kali linux popular arr...
Principal Cybersecurity Engineer- GRC (Remote)
Home Depot / THD

Atlanta, GA

3 hours ago
100% Deliver Execution, Plans & Aligns - Review, analyze, identify and provide s...
Information Security Manager (U.S. - Remote)


10 hours ago
Research security enhancements and make recommendations to management. Su...
Splunk Administrator / Engineer
Elevate Government Solutions

Washington, DC

2 days ago
2+ years of vulnerability management, running scans, analyzing sca...
Middleware Administrator

Jacksonville, NC

2 days ago
Minimum Clearance Required: Interim Secret. Clearance Level Must Be Able to Obta...
Information Technology Specialist (APPSW/INFOSEC)
US Department of State - Agency Wide

Washington, DC

2 days ago
Information Security: coordinates the conduct of risk and vulnerability a...
Information Systems Security Engineer
Elevate Government Solutions

Washington, DC

2 days ago
Experience in AWS and vulnerability management leveraging tools in...
Compute Protection Engineer
Change Healthcare

New York, NY

2 days ago
In-depth knowledge in endpoint protection, data loss prevention, vulnerabilit...
Compute Protection Engineer
Change Healthcare

Washington, DC

2 days ago
In-depth knowledge in endpoint protection, data loss prevention, vulnerabilit...
Compute Protection Engineer
Change Healthcare

Nashville, TN

2 days ago
In-depth knowledge in endpoint protection, data loss prevention, vulnerabilit...
Senior Application Security Pentester REMOTE
Independent Security Evaluators

Baltimore, MD

a day ago
Experience with digital rights management and digital watermarking. Softw...
Bayview Asset Management

Coral Gables, FL

2 days ago
Evaluate, integrate and maintain SAST, DAST, SCA, and similar tooling in combina...
Information Technology & Cyber Security Technician - Remote Work
Threshold Brands

Boston, MA

2 days ago
In this role, you will provide first level support of Company information, secur...
Senior Security Engineer

Denver, CO

a day ago
Perform complex security reviews with no precedent, identify gaps in architectur...
Senior Consultant, GRC, Proactive Services (Unit 42) - Remote
Palo Alto Networks

Santa Clara, CA

2 days ago
Skilled at proactively identifying security risks and vulnerabilities whi...