Cybersecurity Engineer - Threat & Vulnerability Management
About the position
As a Cybersecurity Engineer specializing in Vulnerability Management and Application Security, you will play a critical role in safeguarding enterprise systems and applications against evolving threats. Your primary focus will be on identifying, assessing, and mitigating vulnerabilities across infrastructure and application layers, while ensuring compliance with security standards and best practices.
Responsibilities
• Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security.
• Design and implement security solutions with emphasis on: Vulnerability Management (VM) platforms and processes Application Security tools (SAST, DAST, IAST) Web Application Firewalls (WAF) Secure coding practices and CI/CD pipeline integration
• Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts.
• Collaborate with development and operations teams to integrate security controls into DevOps workflows and Infrastructure as Code ( IaC ).
• Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies.
• Create and present security metrics, vulnerability trends, and risk reports to leadership.
• Participate in incident response activities, providing technical expertise for application-related security incidents.
• Conduct periodic risk assessments for applications and supporting infrastructure.
• Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities.
• Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security.
Requirements
• Deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies.
• Hands-on experience with application security tools (e.g., Veracode, Checkmarx , Burp Suite, OWASP ZAP).
• Strong knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
• Familiarity with container security, Kubernetes, and cloud-native application security.
• Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation).
• Proficiency in scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows.
• Solid understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS).
• Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10).
• Strong analytical skills for interpreting vulnerability data and assessing business impact.
• Excellent communication skills for collaborating with developers, operations teams, and leadership.
• Ability to think strategically, innovate, and implement scalable security solutions.
• Minimum of 1 to 5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• Bachelor’s Degree in related field or equivalent work experience strongly preferred
• Cybersecurity related certifications strongly preferred
Nice-to-haves
• Experience with CI/CD security integration and automated vulnerability scanning.
• Familiarity with microservices architecture and securing APIs.
• Advanced technical writing and documentation skills.
• Knowledge of threat modeling and risk assessment methodologies.
Benefits
• Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
• Competitive pay and bonus eligibility
• Flexible hybrid work environment, 4-days a week in office
Apply Now
Apply Now
As a Cybersecurity Engineer specializing in Vulnerability Management and Application Security, you will play a critical role in safeguarding enterprise systems and applications against evolving threats. Your primary focus will be on identifying, assessing, and mitigating vulnerabilities across infrastructure and application layers, while ensuring compliance with security standards and best practices.
Responsibilities
• Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security.
• Design and implement security solutions with emphasis on: Vulnerability Management (VM) platforms and processes Application Security tools (SAST, DAST, IAST) Web Application Firewalls (WAF) Secure coding practices and CI/CD pipeline integration
• Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts.
• Collaborate with development and operations teams to integrate security controls into DevOps workflows and Infrastructure as Code ( IaC ).
• Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies.
• Create and present security metrics, vulnerability trends, and risk reports to leadership.
• Participate in incident response activities, providing technical expertise for application-related security incidents.
• Conduct periodic risk assessments for applications and supporting infrastructure.
• Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities.
• Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security.
Requirements
• Deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies.
• Hands-on experience with application security tools (e.g., Veracode, Checkmarx , Burp Suite, OWASP ZAP).
• Strong knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
• Familiarity with container security, Kubernetes, and cloud-native application security.
• Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation).
• Proficiency in scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows.
• Solid understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS).
• Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10).
• Strong analytical skills for interpreting vulnerability data and assessing business impact.
• Excellent communication skills for collaborating with developers, operations teams, and leadership.
• Ability to think strategically, innovate, and implement scalable security solutions.
• Minimum of 1 to 5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• Bachelor’s Degree in related field or equivalent work experience strongly preferred
• Cybersecurity related certifications strongly preferred
Nice-to-haves
• Experience with CI/CD security integration and automated vulnerability scanning.
• Familiarity with microservices architecture and securing APIs.
• Advanced technical writing and documentation skills.
• Knowledge of threat modeling and risk assessment methodologies.
Benefits
• Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
• Competitive pay and bonus eligibility
• Flexible hybrid work environment, 4-days a week in office
Apply Now
Apply Now