
Vulnerability Management Engineer // Endpoint Patching

Job

Motion Recruitment Partners, LLC

Philadelphia, PA (In Person)

Full-Time

Posted 2 weeks ago (Updated 23 hours ago) • Actively hiring

Expires 7/24/2026

Job Description

A well-established wealth management firm is seeking a Vulnerability Management Engineer to join its cybersecurity team. In this role, you will own the end-to-end vulnerability management program with a strong emphasis on hands-on endpoint patching and system hardening across a Windows-dominant enterprise environment. You will lead remediation efforts, drive patch compliance, and collaborate with infrastructure and IT operations teams to reduce the organization's attack surface. This position is ideal for someone who thrives in a technical, execution-focused role and takes pride in getting vulnerabilities closed - not just tracked. You will work closely with IT, cloud, and business stakeholders to ensure timely remediation while maintaining the stability of critical financial systems. The ideal candidate combines deep Windows patching expertise with a solid understanding of vulnerability prioritization and risk-based decision-making. The organization is committed to fostering a diverse and inclusive workplace where all employees are treated equitably and with respect. 

Required Skills & Experience

- 3+ years of experience in vulnerability management, endpoint security, or a related IT/information security role
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related discipline (or equivalent experience)
- Hands-on experience with patch management platforms in a Windows environment (e.g., WSUS, SCCM/MECM, Intune, or equivalent)
- Proficiency with vulnerability scanning tools such as Tenable Nessus, Qualys, or Rapid7 InsightVM
- Strong understanding of Windows OS hardening standards and CIS Benchmarks
- Ability to prioritize and communicate risk-based remediation recommendations to both technical teams and leadership
- Experience coordinating remediation activities across infrastructure, desktop engineering, and application teams
- Strong written and verbal communication skills across technical and non-technical audiences
- Self-directed and organized, with the ability to manage competing priorities in a fast-paced environment
- Strong analytical and problem-solving skills with a continuous improvement mindset

Desired Skills & Experience

- Experience supporting patching and hardening in a regulated financial services or wealth management environment
- Familiarity with STIG compliance and Group Policy (GPO) for Windows endpoint configuration
- Exposure to Active Directory security hardening and privileged account hygiene
- Experience working with ticketing and workflow platforms (e.g., ServiceNow, Jira) for remediation tracking
- Knowledge of cloud vulnerability management (Azure or M365 environments)
- Understanding of CVSS scoring, exploit intelligence feeds, and risk-based patch prioritization frameworks
- Relevant certifications such as CompTIA Security+, CySA+, GCWN, or similar

What You Will Be Doing

- Owning the full vulnerability management lifecycle - from scan and discovery through prioritization, remediation coordination, and validation
- Executing and coordinating endpoint patching across the Windows fleet, including workstations and servers, using enterprise patch management tooling
- Applying and maintaining system hardening configurations in line with CIS Benchmarks, STIGs, and internal security baselines
- Analyzing scan results and translating findings into clear, actionable remediation guidance tailored to asset criticality and business risk
- Partnering with IT operations, desktop engineering, and server teams to plan and execute patch deployments with minimal disruption
- Tracking and reporting on patch compliance, SLA adherence, and remediation progress for leadership and audit audiences
- Identifying hardening gaps across the Windows environment and driving improvement projects to close them
- Supporting exception management processes, including risk acceptance documentation and compensating control review
- Contributing to policy and procedure development around patch management and endpoint configuration standards
- Participating in security operations activities such as vulnerability-related incident response and threat intelligence correlation

Tech Breakdown

- 45% Vulnerability Scanning, Analysis & Remediation Coordination
- 30% Endpoint Patching & Windows Hardening
- 15% Reporting, Metrics & Compliance
- 10% Security Operations Support & Process Improvement

Daily Responsibilities

- 35% Executing and tracking patch deployments and hardening tasks across endpoint and server infrastructure
- 25% Reviewing scan results, prioritizing findings, and coordinating remediation with IT teams
- 20% Producing compliance reports and remediation dashboards for leadership and audit stakeholders
- 10% Managing exceptions, documenting risk acceptances, and updating hardening baselines
- 10% Contributing to process improvements, runbooks, and team collaboration

The Offer

You will receive the following benefits:

- Competitive salary commensurate with experience
- Medical, dental, and vision insurance
- 401(k) with company match
- Paid time off and company holidays
- Remote-first work environment with flexibility
- Opportunities for professional development and certification support
- Exposure to enterprise security tooling in a complex financial services environment
- Collaborative, mission-driven team culture

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.