Description

We are seeking a Vulnerability Management Engineer to strengthen our global cybersecurity posture through the identification, assessment, and remediation of vulnerabilities across our enterprise infrastructure. 
This role plays a critical part in improving and managing vulnerability management and patching processes, with a focus on automation, risk prioritization, and stakeholder collaboration. 
The successful candidate will bring deep experience in vulnerability analysis, remediation tracking, risk management, and data analysis, along with hands-on knowledge of ServiceNow Vulnerability Response and enterprise vulnerability scanning tools. 

Key Responsibilities:
Lead vulnerability identification, analysis, impact assessment, and remediation prioritization using industry best practices and risk-based frameworks.
Collaborate effectively with cross-functional teams across regions and time zones to onboard and support them in using the ServiceNow Vulnerability Response Module. 
Conduct thorough impact assessments by evaluating vulnerabilities within their environmental context to guide prioritization. 
Analyze large datasets to detect trends, uncover security risks, and support strategic decision-making. 
Design and improve vulnerability management processes and workflows, ensuring consistency, repeatability, and auditability. 
Monitor, track, and report remediation progress and compliance status across systems. 
Drive process automation and integration to streamline vulnerability handling and reduce manual effort.
Support threat management activities and perform root cause and exception analysis as part of the overall security operations cycle. 
Utilize the ServiceNow CMDB and integrate vulnerability data for comprehensive visibility and management. 

Preferred Qualifications:
Bachelor’s degree in Information Security, Computer Science, or related discipline, or equivalent practical experience.
Certifications such as CISSP, CEH, Security+, or equivalent are a plus. 
Familiarity with security standards and frameworks (e.g., NIST, CIS, ISO 27001). 
Experience with tools such as Tenable, Qualys, Rapid7, or similar.

Education

Bachelor's degree