Coalfire Systems

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.

About Coalfire

Coalfire is the cybersecurity and cloud consultancy that helps private and public sector organizations move to cloud and avert threats, close gaps, and effectively manage risk. Our professionals are among the most talented in the industry, and each and every day, they strive to provide the unbiased assessments, advice, and innovative solutions that help our clients meet their specific challenges and build long-term strategies to protect their organizations. For nearly 20 years, we’ve been on the cutting-edge of one of the world’s most important industries – and we’re committed to making the world a safer place by solving our clients’ toughest security challenges.

Position Summary

As Vulnerability Management I Engineer at Coalfire within our Managed Services group, you will be a self-starter, passionate about cloud security, and thrive on problem-solving. You will provide strategy, leadership, and operational support of Vulnerability Management processes for clients with regulatory compliance requirements. The Managed Services team is responsible for identifying, assessing, and managing threats, vulnerabilities, and associated risks to clients’ information assets and resources. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.

What You’ll Do

Join a highly collaborative security operations team designing and delivering vulnerability management services to Cloud Service Providers, and other organizations operating highly regulated environments.
Serve as the principal advisor to the client and our team on all matters related to vulnerability management.
Collaborate in a cross-functional model with infrastructure engineering, site reliability engineering, and client’s success managers to deliver a seamless, holistic experience for client engagements.
Work across a myriad of technology stacks in the leading cloud providers like AWS, Azure, and GCP, embracing their unique client-driven deployments and operational requirements.
Coordinate with clients and team members to identify the right balance of cloud and defense-in-depth techniques to translate client’s goals into a secure and effective solution.
Influence the maturity of Coalfire processes and standards related to vulnerability management activities and propagate through development and maintenance of standard operating procedures, training curriculums, technical documentation, and troubleshooting guidelines.
Serve as part of the vulnerability management team that is conducting:
    Recurring and on-demand OS/DB, web application, and container scanning activities;
    Development of Plan of Action and Milestone (POA&M) reports
    Client-facing and Government-facing discussions related to results and risks for multiple client environments.
Conduct testing and data reviews to evaluate the effectiveness of current contractual measures
Provide support to the security assessment and authorization process
Communicate with internal management to provide insights into the current risk in client environments and proposed remediation strategies

What You’ll Bring

BS or above in related Information Technology field or equivalent combination of education and experience
2+ years of related experience in professional services, vulnerability management, and compliance monitoring.
Experience supporting clients in a managed service organization.
Familiarity with ITSM solutions (e.g., Jira, ServiceNow) and meeting SLAs.
Skills in web application testing, API testing, and network testing.
Ability to analyze information security vulnerabilities and collaborate with teams for remediation.
Experience developing playbooks, runbooks, and troubleshooting technical issues.
Knowledge of vulnerability scoring systems (CVSS/CMSS).
Experience with vulnerability scanning tools (e.g., Nessus, Nexpose, Burp Suite).
Ability to analyze vulnerabilities and adjust risk ratings based on internal factors.
Familiarity with OS Baseline Configuration standards (e.g., CIS Critical Security Controls Scanning).
Excellent communication, organizational, and problem-solving skills.
Experience working with auditors to ensure adherence to controls, policies, and standards.
Strong documentation skills, including technical diagrams and descriptions.
Ability to work independently and as part of a team with a professional attitude and demeanor.
Critical thinking, and ability to balance environmental requirements with mission needs

Bonus Points

Certifications in Cloud Vendors, as well as with organizations such as PMP, CISSP, CISM, or CISA
Previous Experience in a 24x7x365 environment for a SaaS provider

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business.
A reasonable estimate of the compensation range for this role is $80,687 to $102,007 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.