Junior Penetration Testing Engineer

Roles & Responsibilities:

• Analyze vulnerability scan results from tools like Tenable, Qualys, or Rapid7 to identify security weaknesses across infrastructure and applications.
• Prioritize vulnerabilities using multiple criteria, including CVSS, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), asset criticality, and business context.
• Partner with IT and DevOps teams to track remediation progress and provide technical guidance on mitigation strategies.
• Monitor threat intelligence feeds to correlate vulnerabilities with current exploit activity.
• Create and maintain vulnerability metrics, dashboards, and reports for leadership and compliance teams.
• Support vulnerability assessment activities in cloud environments (AWS, Azure, etc. ).
• Maintain documentation related to the vulnerability management lifecycle.
• Assist in policy and process development related to vulnerability and patch management.
• Participate in audits and compliance efforts (e. g. , SOX, ISO, NIST, PCI).

What we expect of you

We are all different, yet we all use our unique contributions to serve patients.

Master s degree and 1 to 3 years of experience in Cybersecurity, vulnerability management or information security operations OR

Bachelor s degree and 3 to 5 years of experience in Cybersecurity, vulnerability management or information security operations OR

Diploma and 7 to 9 years of experience in Cybersecurity, vulnerability management or information security operations

Must-Have Skills:

• Familiarity with vulnerability management tools (e. g. , Tenable, Qualys, Rapid7).
• Understanding of CVSS scoring, vulnerability lifecycle, and remediation workflows.
• Basic knowledge of threat intelligence and how it applies to vulnerability prioritization.
• Working knowledge of network, operating system, and application-level security.
• Ability to analyze scan data and correlate it with business context and threat intelligence.

Preferred Qualifications:

Good-to-Have Skills:

• Experience with KEV, EPSS, and other threat-based scoring systems.
• Familiarity with patch management processes and tools.
• Exposure to cloud security and related scanning tools (e. g. , Prisma Cloud, AWS Inspector).
• CompTIA Security+
• GIAC GSEC / GCIH
• Qualys Vulnerability Management Specialist (QVMS)
• Tenable Certified Nessus Auditor (TCNA)

Soft Skills:

• Analytical Thinking

  - Ability to interpret complex data sets and assess risk effectively

• Attention to Detail

  - Precision in identifying and tracking vulnerabilities and remediation status

• Communication Skills

  - Ability to communicate technical findings to both technical and non-technical audiences

• Collaboration & Teamwork

  - Able to work across IT, DevOps, and security teams to drive resolution

• Curiosity & Continuous Learning

  - Willingness to know the latest with evolving threats and technologies

• Problem-Solving