Lead Vulnerability Engineer-Qualys
About the position
The Technical Lead, Vulnerability Management serves as a senior technical lead within the Security Modernization team, responsible for driving remediation, security modernization, and technical execution across the enterprise. This role leads cross-functional cybersecurity initiatives, ensuring vulnerabilities, misconfigurations, and other security findings are resolved efficiently and in alignment with organizational risk tolerance. Beyond vulnerability management, the Technical Lead provides technical expertise and coordination for broader cybersecurity projects, secure configuration efforts, infrastructure and cloud hardening, and on-going engineering strategies. The position reports to the Sr Dir, Enterprise Architecture, and plays a critical role in strengthening the organization’s overall security posture through disciplined, repeatable, and collaborative execution.
Essential Job Functions:
The Technical Lead, Vulnerability Management will demonstrate competencies across the following areas.
• Oversee technical execution of cybersecurity support and maintenance activities, including vulnerability remediation, penetration test and red team findings, vendor-reported issues, and configuration hardening efforts.
• Lead additional technical cybersecurity initiatives outside of vulnerability management, such as infrastructure and cloud security modernization, access hardening, endpoint security improvements, and secure configuration projects.
• Serve as the primary liaison between the CTO team and the Cybersecurity organization.
• Coordinate remediation and security modernization efforts across infrastructure, applications, cloud, SaaS, and hybrid environments.
• Partner with IT, Engineering, and Business stakeholders to define remediation plans, timelines, technical solutions, and success criteria.
• Ensure remediation tasks are completed within SLA, escalating blockers, and driving cross-functional accountability.
• Build and maintain dashboards and reporting that track remediation progress, SLA adherence, and aging findings.
• Provide regular updates to CTO and Cybersecurity leadership.
• Identify operational weaknesses and lead long-term hardening initiatives that strengthen enterprise security posture.
• Audit systems to identity security gaps as outlined in the security policy.
Responsibilities
• Oversee technical execution of cybersecurity support and maintenance activities, including vulnerability remediation, penetration test and red team findings, vendor-reported issues, and configuration hardening efforts.
• Lead additional technical cybersecurity initiatives outside of vulnerability management, such as infrastructure and cloud security modernization, access hardening, endpoint security improvements, and secure configuration projects.
• Serve as the primary liaison between the CTO team and the Cybersecurity organization.
• Coordinate remediation and security modernization efforts across infrastructure, applications, cloud, SaaS, and hybrid environments.
• Partner with IT, Engineering, and Business stakeholders to define remediation plans, timelines, technical solutions, and success criteria.
• Ensure remediation tasks are completed within SLA, escalating blockers, and driving cross-functional accountability.
• Build and maintain dashboards and reporting that track remediation progress, SLA adherence, and aging findings.
• Provide regular updates to CTO and Cybersecurity leadership.
• Identify operational weaknesses and lead long-term hardening initiatives that strengthen enterprise security posture.
• Audit systems to identity security gaps as outlined in the security policy.
Requirements
• Bachelor's degree, preferably in Computer Science, Cybersecurity, or related field.
• 5–8 years of industry experience in cybersecurity, security engineering, vulnerability management, or IT operations.
• Experience with infrastructure and cloud hardening, vulnerability management, patching, configuration management, and cloud security.
• Strong understanding of vulnerability scanning tools, CVSS scoring, and common remediation workflows.
• Ability to lead technical discussions and drive outcomes across cross-functional teams.
• Familiarity with NIST CSF, CIS Controls, HIPAA, and PCI.
• Experience coordinating remediation for red team and pen test findings.
• Knowledge of cloud platforms (AWS, Azure, GCP) and cloud security.
• Experience with ServiceNow, or similar ticketing systems.
• Broad understanding of IT infrastructure, including networks, applications, databases, operating systems, backup, storage, and disaster recovery.
• Familiarity with information management practices, system development life cycle management, IT services management, agile and lean methodologies, infrastructure and operations, and EA and ITIL frameworks.
• Strong leadership skills with exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation.
• Highly collaborative and supportive of business and of its ideals and strategies.
• Highly innovative with aptitude for foresight, systems thinking and design thinking.
• Excellent analytical, planning and organizational skills.
• Excellent written, verbal, communication and presentation skills with the ability to articulate new ideas and concepts to technical and nontechnical audiences.
• Knowledge of PowerShell and Internal Query Language scripting is required, Kusto Query Language is a plus.
• Knowledge of and Microsoft Defender management is required, knowledge of Sentinel is a plus.
Nice-to-haves
• Experience in the healthcare industry is highly desired.
• Preferred certifications include CISM, CCSP, or relevant GIAC certifications are preferred.
Benefits
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)
Apply tot his job
Apply To this Job
The Technical Lead, Vulnerability Management serves as a senior technical lead within the Security Modernization team, responsible for driving remediation, security modernization, and technical execution across the enterprise. This role leads cross-functional cybersecurity initiatives, ensuring vulnerabilities, misconfigurations, and other security findings are resolved efficiently and in alignment with organizational risk tolerance. Beyond vulnerability management, the Technical Lead provides technical expertise and coordination for broader cybersecurity projects, secure configuration efforts, infrastructure and cloud hardening, and on-going engineering strategies. The position reports to the Sr Dir, Enterprise Architecture, and plays a critical role in strengthening the organization’s overall security posture through disciplined, repeatable, and collaborative execution.
Essential Job Functions:
The Technical Lead, Vulnerability Management will demonstrate competencies across the following areas.
• Oversee technical execution of cybersecurity support and maintenance activities, including vulnerability remediation, penetration test and red team findings, vendor-reported issues, and configuration hardening efforts.
• Lead additional technical cybersecurity initiatives outside of vulnerability management, such as infrastructure and cloud security modernization, access hardening, endpoint security improvements, and secure configuration projects.
• Serve as the primary liaison between the CTO team and the Cybersecurity organization.
• Coordinate remediation and security modernization efforts across infrastructure, applications, cloud, SaaS, and hybrid environments.
• Partner with IT, Engineering, and Business stakeholders to define remediation plans, timelines, technical solutions, and success criteria.
• Ensure remediation tasks are completed within SLA, escalating blockers, and driving cross-functional accountability.
• Build and maintain dashboards and reporting that track remediation progress, SLA adherence, and aging findings.
• Provide regular updates to CTO and Cybersecurity leadership.
• Identify operational weaknesses and lead long-term hardening initiatives that strengthen enterprise security posture.
• Audit systems to identity security gaps as outlined in the security policy.
Responsibilities
• Oversee technical execution of cybersecurity support and maintenance activities, including vulnerability remediation, penetration test and red team findings, vendor-reported issues, and configuration hardening efforts.
• Lead additional technical cybersecurity initiatives outside of vulnerability management, such as infrastructure and cloud security modernization, access hardening, endpoint security improvements, and secure configuration projects.
• Serve as the primary liaison between the CTO team and the Cybersecurity organization.
• Coordinate remediation and security modernization efforts across infrastructure, applications, cloud, SaaS, and hybrid environments.
• Partner with IT, Engineering, and Business stakeholders to define remediation plans, timelines, technical solutions, and success criteria.
• Ensure remediation tasks are completed within SLA, escalating blockers, and driving cross-functional accountability.
• Build and maintain dashboards and reporting that track remediation progress, SLA adherence, and aging findings.
• Provide regular updates to CTO and Cybersecurity leadership.
• Identify operational weaknesses and lead long-term hardening initiatives that strengthen enterprise security posture.
• Audit systems to identity security gaps as outlined in the security policy.
Requirements
• Bachelor's degree, preferably in Computer Science, Cybersecurity, or related field.
• 5–8 years of industry experience in cybersecurity, security engineering, vulnerability management, or IT operations.
• Experience with infrastructure and cloud hardening, vulnerability management, patching, configuration management, and cloud security.
• Strong understanding of vulnerability scanning tools, CVSS scoring, and common remediation workflows.
• Ability to lead technical discussions and drive outcomes across cross-functional teams.
• Familiarity with NIST CSF, CIS Controls, HIPAA, and PCI.
• Experience coordinating remediation for red team and pen test findings.
• Knowledge of cloud platforms (AWS, Azure, GCP) and cloud security.
• Experience with ServiceNow, or similar ticketing systems.
• Broad understanding of IT infrastructure, including networks, applications, databases, operating systems, backup, storage, and disaster recovery.
• Familiarity with information management practices, system development life cycle management, IT services management, agile and lean methodologies, infrastructure and operations, and EA and ITIL frameworks.
• Strong leadership skills with exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation.
• Highly collaborative and supportive of business and of its ideals and strategies.
• Highly innovative with aptitude for foresight, systems thinking and design thinking.
• Excellent analytical, planning and organizational skills.
• Excellent written, verbal, communication and presentation skills with the ability to articulate new ideas and concepts to technical and nontechnical audiences.
• Knowledge of PowerShell and Internal Query Language scripting is required, Kusto Query Language is a plus.
• Knowledge of and Microsoft Defender management is required, knowledge of Sentinel is a plus.
Nice-to-haves
• Experience in the healthcare industry is highly desired.
• Preferred certifications include CISM, CCSP, or relevant GIAC certifications are preferred.
Benefits
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)
Apply tot his job
Apply To this Job