Cybersecurity Vulnerability Management Specialist

Job

Svam International, Inc.

New York, NY (In Person)

Full-Time

Posted 2 days ago (Updated 6 hours ago) • Actively hiring

Expires 6/8/2026

Job Description

DIRECT CLIENT REQUIREMENT

Job Title: Cybersecurity Vulnerability Management Specialist
Duration: 12+ months
Location: NYC, NY or Mesa, AZ. Hybrid position (2-3 days per week onsite).

Summary

The Red Team Specialist will join Client's cybersecurity team with a primary focus on vulnerability management across the enterprise. The role is responsible for interpreting penetration test reports (largely produced by third-party vendors), driving remediation across system owners, validating fixes, and reporting on the organization's overall vulnerability posture. A working understanding of penetration testing is required so the candidate can credibly translate findings into actionable remediation work, and a limited amount of internal hands-on testing may also fall under this role.

Key Responsibilities

Vulnerability Management (Primary Focus)
- Own the end-to-end vulnerability management lifecycle: discovery, triage, prioritization, assignment, remediation tracking, and validation.
- Read, interpret, and operationalize penetration test reports delivered by third-party vendors, translating findings into clear, actionable remediation tasks for system owners, developers, and infrastructure teams.
- Build and maintain vulnerability dashboards and reports, including CVE tracking, aging analysis, and trend reporting for technical and executive audiences.
- Use Tanium for vulnerability identification, patch management, and reporting (preferred; training available for the right candidate).
- Partner with patch management, infrastructure, and application teams to ensure timely remediation aligned with risk severity.
- Provide guidance on vulnerabilities using a risk-based approach considering ease of exploitation, exposure, and business impact.
- Validate remediation efforts and confirm vulnerabilities have been effectively closed.
- Identify opportunities for improvement in tools such as SecurityScorecard and similar external risk-rating platforms.

Third-Party Penetration Test Coordination
- Manage relationships with third-party penetration testing vendors, including scoping, scheduling, and execution oversight.
- Apply Client's internal penetration testing framework across the application onboarding lifecycle.
- Manage deliverables from external testers; review findings, ensure supporting evidence is sufficient, and defend or challenge findings as appropriate.
- Track and report on third-party testing engagements, including risk, mitigation strategies, and references.

Limited Internal Penetration Testing
Note: Internal hands-on testing will be minimal. The candidate should be capable of supporting it but will not perform deep offensive operations day-to-day.
- Conduct light-touch internal penetration tests and vulnerability assessments of servers, web applications, and databases as needed.
- Provide spot-checking and validation of existing technical security controls.
- Communicate technical findings and remediation steps with developers, system administrators, project managers, and senior stakeholders.

Purple Teaming & Incident Response Support
- Support purple team exercises that bring collaboration between Security, Operations, and Business Units to validate technical controls and remediation effectiveness.
- Participate in incident response activities, including tabletop exercises and major incident remediation.
- Provide guidance to the security operations team on adversary techniques and procedures (TTPs) to improve awareness and response times.

Required Experience & Skills
- 2+ years of experience in cybersecurity, with a working knowledge of penetration testing concepts and the ability to read, interpret, and act on penetration test reports.
- Hands-on experience managing a vulnerability management program: prioritization, remediation tracking, and reporting.
- Familiarity with web application, infrastructure, and basic cloud (AWS and/or Azure) vulnerability concepts.
- Working knowledge of Windows/Active Directory and Linux systems administration and common vulnerabilities.
- Familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK frameworks.
- Working proficiency in at least one scripting language: Bash, PowerShell, or Python.
- Strong written and verbal communication skills, able to clearly articulate technical findings and remediation requirements to mixed audiences (engineers through senior stakeholders).
- Demonstrated ability to drive remediation across cross-functional teams.

Certifications (Any of the Following Are a Plus)
- Practical/offensive: OSCP, eCPTX, eCPPX, PNPT, GPEN, eCXD, CEH, PenTest+
- Defensive: BTL1, BTL2
- Cloud security: AWS Certified Security - Specialty or Azure equivalent

Preferred (Strong Pluses, Not Required)
- Tanium experience: Building reports, tracking CVEs, and supporting vulnerability and patching workflows. Client is a Tanium reseller and uses Tanium heavily; this is a significant plus.
- CrowdStrike experience: Hands-on familiarity with CrowdStrike Falcon (EDR) is a strong plus.
- Exposure to penetration testing or red teaming engagements (web apps, APIs, network devices, databases, OS, cloud).
- Experience with NIST 800-53 and the Risk Management Framework (RMF).
- 1+ years of SOC and/or incident response experience, with a focus on host data acquisition and threat hunting.
- Familiarity with penetration testing toolsets (Burp Suite, Nessus, Qualys, Kali Linux, Metasploit, Cobalt Strike) at a level sufficient to interpret vendor outputs.
- Bachelor's degree in Computer Science, Engineering, Information Systems, or related field.

Please submit the following in the notes section when you submit the resume.

Submission format for all resumes:
Full Name of the candidate:
Work Authorization:
Availability:
Rate: $/hr all-inclusive without Benefits
Current location:
Contact:
Email:
LinkedIn URL:
Reason for Job Change:
Project End date:

Regards,
Kapil Thapa
Sr. Manager US IT Recruitment
SVAM International | 233 East Shore Road | Suite # 201, Great Neck, NY 11023
Cell: ext 108 | Fax: | Email:
CMMI Level 5 | ISO 9001:2008 | ISO 27001:2013 Company | LISA Award winner
