Senior Conmon Engineer

Salary Range: 86000 to 148000 (Currency: USD) (Pay period: per-year-salary)

What You'll Do

• Provide senior-level oversight for enterprise vulnerability management tools (for example, Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring they remain updated and fully operational
• Lead the execution of regular and on-demand scans across a variety of environments (operating systems, databases, web applications, containers), then collaborate with technical teams (for example, SRE and client administrators) to prioritize and remediate vulnerabilities
• Serve as a key point of contact for monthly reporting on open vulnerabilities, vendor dependencies, and operational requirements, delivering clear data-driven updates to clients
• Offer strategic, risk-based recommendations to improve vulnerability posture, aligning remediation with organizational and compliance objectives
• Work closely with cross-functional teams to refine and integrate vulnerability management processes in cloud environments (AWS, Azure, GCP)
• Enhance internal standards, processes, and documentation for vulnerability management, including training materials, standard operating procedures, and best practices
• Lead or support security assessment and authorization initiatives to ensure adherence to compliance frameworks such as FedRAMP, HITRUST, and PCI

What You'll Bring

• 5–7 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles
• Extensive background in managing vulnerabilities across operating systems, databases, networks, containers, web applications, and APIs
• Experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP, with a proven track record of integrating tools into cloud workflows
• Involvement with at least one compliance framework (for example, FedRAMP, HITRUST, PCI), contributing to security assessments and risk-based reporting
• Demonstrated success producing periodic vulnerability status reports, ensuring timely remediation efforts and accountability across multiple stakeholders
• Advanced administrative understanding of AWS, Azure, or GCP
• Strong expertise in vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS)
• Excellent communication, organizational, and documentation skills, with the ability to convey technical findings and remediation plans to both internal teams and clients
• Demonstrated ability to coordinate and influence technical teams, fostering collaboration for effective vulnerability mitigation
• Proficiency in scripting (for example, Python, PowerShell) for automating tasks and scaling vulnerability management solutions
• Familiarity with defining and enforcing baseline configuration standards (for example, CIS Benchmarks) and presenting compliance findings
• Professional/Expert level certifications in Azure or AWS or GCP
• Security-focused cloud certifications for Azure or AWS or GCP

Bonus Points

• Security+
• CISSP
• Terraform