Vulnerability Management Engineer Jobs

What does a great Vulnerability Management Engineer do?

As a part of the Fiserv Cybersecurity Operations team, the vulnerability management team is responsible for discovering, analyzing, communicating, and tracking vulnerabilities that may impact the organization. The Vulnerability Management Engineer will work in conjunction with the Cybersecurity Organization, technology teams, and infrastructure owners as necessary. We are seeking a seasoned technologist with expertise in cybersecurity, high-scale distributed systems, and proven expertise working in large programs across globally distributed teams.

In the role, you will work on vulnerability scans, analysis, and reporting to support the Vulnerability Management program across Fiserv globally.

This position requires that the candidate be a US Citizen or a permanent resident. The candidate should be able to travel domestically and/or internationally and provide off hours on-call support for issues requiring escalation.

As a Vulnerability Management Engineer, you will:

• Contribute to developing and operating the vulnerability life cycle processes, detection, analysis, prioritization, and reporting.
• Analyze data to measure and improve scan coverage.
• Validate and triage identified vulnerabilities.
• Partner with Cyber Threat Intelligence, the Cybersecurity Incident Response team, and technology remediation groups to deliver shared outcomes that measurably improve our efficacy to detect and remediate vulnerabilities.
• Analyze vulnerability and related data in support of creating vulnerability prioritization, developing metrics, and risk identification.
• Deploy and maintain vulnerability management technology used to identify and mitigate vulnerabilities and security issues.
• Participate in cybersecurity incident response efforts as needed.

Basic Qualifications for Consideration:

• Experience with controls or frameworks such as NIST 800-53, NIST CSF, MITRE ATT&CK
• 2+ years’ experience with CMDB/Ticketing platforms (e.g., ServiceNow)
• Strong written and oral communication skills
• Experience with current automated and human-driven approaches to vulnerability identification management
• Understanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and vulnerability risk
• 3+ years’ experience working with vulnerability management tools; Tenable.sc, Tenable.io, and Nessus
• Must meet requirements to obtain & maintain 2C & 6C GOVT Clearance / Certifications
• Experience and demonstrated success in technology roles with emphasis on vulnerability management, information security and a strong technical background.
• Knowledge of common software, operating systems vulnerabilities, and Unix/Linux
• Knowledge of network protocols and enterprise architecture

• Scripting, automation, and database experience are desirable.
• Industry security certifications are desirable.

Perks at work:

• Maintain a healthy work-life balance with paid holidays, generous time off policies, including Unlimited Recharge & Refuel for qualifying associates, and free counseling through our EAP.
• Prioritize your health with a variety of medical, dental, vision, life, and disability insurance options and a range of well-being resources through our Fuel Your Life program.
• Plan for your future with competitive salaries, the Fiserv 401(k) Savings Plan, and our Employee Stock Purchase Plan.
• We’re #FISVProud of our commitment to your overall well-being with a growing offering of physical, mental, emotional, and financial benefits from day one.
• Advance your career with training, development, certification, and internal mobility opportunities.
• Join Employee Resource Groups that promote our diverse and inclusive culture where associates can share perspectives, exchange ideas, and elevate careers.
• Recognize and be recognized by colleagues with our Living Proof program where you can exchange points for a variety of rewards.

Important info about this role:

• This is a full-time, direct-hire role, meaning no C2C, C2H, or remote options are available.
• We’re better together. This role is fully on-site for the first 90 days and on-site Monday through Thursday after that.
• In order to be considered, you must be legally authorized to work in the U.S. without need for visa sponsorship, now or in the future, as it will not be provided for this role.