Vulnerability Management Engineer - SOC Analyst

Job Description

Roles & Responsibilities: We are seeking an experienced Vulnerability Management Engineer to join our Security Operations team. The ideal candidate will be responsible for identifying, tracking, and remediating vulnerabilities across cloud and on-premises environments, while also supporting broader security operations initiatives. Vulnerability Remediation & Patch Management: Work with InfoSec and IT teams to coordinate and track the remediation of vulnerabilities across the organization. Provide hands-on support in implementing and verifying patches for critical vulnerabilities on Windows, Linux, and cloud systems. Coordinate with infrastructure and application teams to validate patch readiness, test deployments, and confirm successful remediation. Ensure timely resolution of high and critical vulnerabilities in line with internal SLAs. Reporting & Compliance: Create and maintain weekly remediation reports outlining prioritization, risk classification, remediation status, and compliance metrics. Develop dashboards, trackers, and compliance summaries using internal tools (e.g., Excel, Power BI, or ServiceNow). Track patch management lifecycle from detection to closure with detailed documentation and metrics. Security Operations Support: Continuously monitor security alerts and events via tools like QRadar SIEM, Palo Alto Cortex XDR, and others to identify indicators of compromise. Investigate and respond to security incidents, including endpoint and email threats, escalating as needed. Tune SIEM rules and threat detection logic to reduce false positives and improve response efficiency. Stay updated on emerging threats, vulnerability disclosures, and zero-day advisories to support proactive mitigation. Policy & Documentation: Maintain detailed documentation of vulnerability management procedures, remediation efforts, patch testing results, and lessons learned. Support compliance initiatives (e.g., ISO 27001, HIPAA, GDPR) by ensuring vulnerability data and remediation timelines meet audit requirements. Qualifications: Experience : 6+ years in a Security Operations or Vulnerability Management role. Education : Bachelor's degree in Computer Science, Information Security, or a related field. Certifications (preferred): CISSP, CEH, CISM, CompTIA Security+, or equivalent. Technical Skills : Experience with tools like IBM QRadar, Palo Alto Cortex XDR, Qualys/Tenable/Nessus. Familiarity with cloud security in Azure and Microsoft 365. Strong understanding of patch management, CVSS scoring, and vulnerability lifecycle. Soft Skills : Strong analytical and communication skills. Ability to work cross-functionally with IT and infrastructure teams. Adaptability to changing threat environments and security priorities. Nice to Have: Experience building Power BI dashboards or using reporting tools to visualize patch status. Familiarity with ServiceNow or other ITSM platforms for tracking remediation tasks.