Vulnerability Engineer Job Description
Vulnerability engineer
provides analysis, design, development, implementation and security assessments to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, CNSSI 1253, and DoD.
Vulnerability Engineer Duties & Responsibilities
To write an effective vulnerability engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
Analyze assembly-level code on multiple platforms (ARM, x86, x64, etc)
Analyze assembly-level code on ARM platforms, additional platforms a bonus
Experience with vulnerability assessment and patch management tools like Qualys, Nexpose, Nessus, WUSU, SCCM, Chef, puppet
Experience with log monitoring and correlations and correlating events from multiple security tools like log correlation engines, Net flow, host monitoring solutions
Management of vulnerability lifecycle including
Attend classes and conferences, including Black Hat and Def Con, to keep yourself current and expand awareness of the exploits that are out there that we have to protect ourselves against
Responsibilities for the Vulnerability Management Program including scanning and remediation efforts and patching governance
Information Security Threat and Vulnerability Management
Implement and support security-focused tools and services
Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios, large-scale production service outages, outside of the routine change management process
Vulnerability Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Engineer
List any licenses or certifications required by the position: CISSP, CISA, CCNA, CCNP, CISM, PMP, CEH, GPEN, GIAC, MCSA
Education for Vulnerability Engineer
Typically a job would require a certain level of education.
Employers hiring for the vulnerability engineer job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Associate Degree in Computer Science, Engineering, Computer Engineering, Education, Information Security, Information Technology, Technical, Information Systems, Technology, Electrical Engineering
Skills for Vulnerability Engineer
Desired skills for vulnerability engineer include:
ARM
Computer architecture
MIPS
Power PC
X86_64
DoD 8510
DoD continuous monitoring
FIPS 199
NIST 800–34 Contingency Planning
NIST 800–37
Desired experience for vulnerability engineer includes:
Extensive experience in working with organized patching teams to identify, assess and remediate vulnerabilities is required
Extensive experience in working with ongoing process improvements to a large-scale vulnerability management program is required
Jira and Remedy experience is a bonus
Information security subject matter expert
BS Degree and a minimum of 5 years of experience in information technology in either development or operations
Experience with Apache, Weblogic, Tomcat, MQ, Tibco is a plus
Vulnerability Engineer Examples
1
Vulnerability Engineer Job Description
Job Description Example
Our growing company is looking for a vulnerability engineer. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for vulnerability engineer
- Defines, drives and improves technical related processes
- Acts as technical author and reviewer for vulnerability reports and threat advisories
- Plan, facilitate and attend regular meetings relating to the VM services and the interaction between other SOC and wider technical areas
- Resource allocation/scheduling to meet the demands of delivering a service within an environment of changing priorities or service issues
- Use high level service expertise to influence problem escalations in advanced and complex situations to resolve customer issues and improve service
- Proactively analyses information and trends, proposing action or exceptions to resolve problems, maintain and enhance service
- Establishes multiple relationships with senior level customers and managers across the organization to act as a respected technical interface both internally and externally to deliver and enhance the service
- Identifies and manages risk for the team(s) technical skill levels and adequate resources to ensure that risks are mitigated and problems resolved, in relation to meeting our commitments
- Identification of solutions to fix discovered security vulnerabilities
- Research known attacks and develop detection methodology for new attacking vectors
Qualifications for vulnerability engineer
- Security and/or Network certification desirable Security +, Network +, CCNA, ITIL
- Familiarity of security control environment (access control, logging, authentication, encryption, integrity)
- BS in Computer Science or equivalent
- Knowledge of common security related protocols and their design
- Experience with different types of operating systems including Unix, Windows
- Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing algorithms, PKI
2
Vulnerability Engineer Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of vulnerability engineer. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for vulnerability engineer
- Analyze security findings, perform root cause analysis, and advise practical remediation
- Program on Linux and Windows system for some creative projects to improve next generation security technology
- Identify internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems
- Analyze threat and vulnerability feeds and analyze data for applicability
- Conduct vulnerability assessments, red teaming and penetration testing to identify weaknesses and countermeasures
- Perform attack surface reviews and multilayer defense systems to prevent exploits, detect and intercept attacks, and discover threat agents
- Leverage software tools to aid in the discovery and removal of vulnerabilities in a system
- Work with both external vendors and other SRM groups to coordinate and conduct schedule and ad-hoc testing
- Provide timely vulnerability assessment reports to key stakeholders
- Provide relevant threat intelligence documents to key stakeholders
Qualifications for vulnerability engineer
- Stay informed of current events in the security industry including the latest exploits and threats, , preventative measures and remediation
- Perform manual validation of findings using tools like OpenSSL, ikescan, Burp
- Experience with Vulnerability management platforms such as Tenable Nessus (preferred), QualysGuard, Tripwire IP360, Rapid 7 Nexpose
- Providing Vulnerability Assessment Scanning and guidance to over 350 customers worldwide using the Tenable Nessus scanning solution
- Experience using automated vulnerability assessment tools (Nessus, Nexpose, Metasploit, Qualys, Qualys, nmap, Burp Suite, Retina, ) manual assessment techniques
- Knowledge of information security industry and regulatory obligations (PCI DSS, SOX, NIST Framework 800 series)
3
Vulnerability Engineer Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of vulnerability engineer. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vulnerability engineer
- Review automated threat indicators for veracity and relevancy
- Configure and review logs & alerts from automated threat intelligence tools
- Approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes
- Solid understanding of Android mobile and embedded systems architecture from Boot through application layers
- Solid understanding of iOS mobile and embedded systems architecture from Boot through application layers
- Perform vulnerability assessments of operating systems, applications, databases and network infrastructure components to detect, enumerate and classify major vulnerabilities for performing trend analysis and reporting to Enterprise customers through the use of vulnerability assessment tools and methodologies
- Administer security operations management of operating systems, security applications and network infrastructure components to provide security configurations, controls for user account access, monitoring of services, centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of administrative tools and methodologies
- Perform vulnerability classification based on industry publications, attack vector analysis, and external intelligence
- Conduct auditing of applications, operating systems and networks to provide a measurable technical assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance
- Expand security knowledge on technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, and operations management to assist the team with effective research, data gathering, analysis, metrics reporting and communications
Qualifications for vulnerability engineer
- Basic understanding of malicious code constructs (imports, exports, PE sections)
- Comprehensive knowledge of malicious code (worms, viruses, spyware)
- Advanced experience in automation and scripting of applications and systems systems Python, Perl, JavaScript, Splunk, Archer GRC
- Experience with Windows, UNIX, and Linux servers at the beginner to intermediate level
- Knowledge of basic networking protocols, including TCP/IP, HTTP/HTTPs, FTP, or DNS
- Ability to maintain current knowledge concerning vulnerabilities, Cyber threats, and information security tools
4
Vulnerability Engineer Job Description
Job Description Example
Our growing company is looking to fill the role of vulnerability engineer. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for vulnerability engineer
- Train less experienced staff in various aspects of research, as assigned
- Be accountable for the patch and vulnerability management process
- Support compliance and audit inquiries relating to security assurance and vulnerability management
- Maintain dashboards and collect metrics and reports on vulnerability findings and remediation compliance
- Work closely with business-oriented executives and leads technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively
- Use IBM BigFix and other tools for software distribution and reporting
- Serve as Subject Matter Expert for the Patching & Vulnerability Remediation Team
- Create, manage and maintain Group Policy Objects (GPOs) based off STIG requirements, organizational requirements, vulnerability results and the ability to recommend environmental solutions via group policy
- Modify relevance language
- Manage server patch deployments
Qualifications for vulnerability engineer
- BA or BS degree or 1+ years of experience with system administration in medium to large corporate enterprise environments in lieu of a Bachelor’s degree
- Knowledge of Web applications, databases, and Web server design and implementation
- CompTia Security+ or similar Certification
- Contributes to the development of new functionality and processes for the Vulnerability Management Service offerings
- Create and deliver presentations to the team other internal teams
- Providing Vulnerability Assessment Scanning and guidance to over 350 customers worldwide using the Tenable Nessus and Qualys scanning solutions
5
Vulnerability Engineer Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of vulnerability engineer. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for vulnerability engineer
- Provide remediation support
- Will lead the effort with the Governance, Risk and Compliance security team, addressing security vulnerabilities and risk scores
- Support external and conduct internal penetration tests
- Own the Cyber Security Threat Intelligence Platform
- Analyze penetration test results and engage with technology partners and business units to resolve identified vulnerabilities
- Own the production and reporting of metrics on the state of system security, threat, vulnerability, and patch management
- Respond to internal customer queries regarding vulnerability management
- Provide security policy review, guidance and consultation
- Assist in the response to security alerts, incidents and issues
- Review and communicate analysis of threats and incidents
Qualifications for vulnerability engineer
- Have some understanding of the security policies used by intelligence organizations, security guidelines published by the National Institute of Standards (e.g., 800-53 rev 4 and 800-53a)
- Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science or related field of study
- Providing Web Application Scanning using the Tenable Nessus and Qualys scanning solutions
- Provide endpoint troubleshooting and support
- Experience with Agent technology
- 5 years of experience in C, C++, or Objective-C programming