[Hiring] Vulnerability Management Security Engineer @Katapult Group, Inc.

Role Description

The Vulnerability Management Security Engineer owns and continuously improves the enterprise vulnerability management program across endpoints, servers, network devices, cloud resources, and Microsoft 365. This role leads vulnerability validation and risk-based prioritization, defines remediation standards and SLAs, and drives cross-functional execution with internal teams and outsourced IT providers. The position produces executive-ready risk reporting, guides secure configuration/hardening practices, and supports email security administration and tuning in Proofpoint to reduce phishing and malware exposure.

• Own the vulnerability management lifecycle and operating model: asset discovery, authenticated scanning, validation/triage, risk-based prioritization, remediation tracking, and exception handling.
• Administer and tune vulnerability scanning tools (e.g., Tenable/Qualys/Rapid7), including scan policies, schedules, credentials, coverage monitoring, and false-positive reduction.
• Maintain accurate vulnerability scope by partnering with IT and outsourced IT to improve inventory/CMDB data, ownership, tagging, and coverage for servers, endpoints, network devices, and cloud resources.
• Drive remediation with system owners by translating technical findings into actionable tickets, validating fixes, and escalating overdue/high-risk items based on defined SLAs.
• Define vulnerability remediation standards (severity definitions, SLAs, exception criteria) and manage the risk acceptance/exception process with appropriate approvals and audit-ready evidence.
• Coordinate patch and configuration remediation activities with internal IT and outsourced IT, including maintenance windows, validation scans, and change control documentation.
• Produce executive-ready risk reporting and program metrics (dashboards/scorecards); communicate trends, exposure drivers, and remediation performance to leadership and technical teams.
• Support secure configuration and hardening efforts by aligning remediation guidance to recognized standards (e.g., CIS Benchmarks, vendor guidance) and validating compliance via scanning and spot checks.
• Coordinate external penetration tests and vulnerability assessments; intake findings, assist with remediation plans, and track closure through retesting.
• Perform vulnerability validation and prioritization, including exploitability context (e.g., KEV/exploit intel), business criticality, and exposure (internet-facing, privilege level, lateral movement).
• Lead rapid exposure assessments and remediation coordination for emerging threats (e.g., zero-days, CISA KEV additions), including stakeholder communications and mitigation tracking.
• Partner with Security Operations (SOC) and Incident Response to perform rapid exposure assessments during emerging threats and support containment/mitigation actions as needed.
• Manage vulnerability-related tickets/workflows in the organization’s service management platform (e.g., ServiceNow/Jira), including SLA tracking, evidence collection, and audit-ready documentation.
• Lead continuous improvement for vulnerability management, including automation, coverage expansion, authenticated scanning maturity, and integrations with patching/endpoint management, CMDB, and ticketing systems.
• Provide security oversight and governance for outsourced IT/MSP vulnerability remediation deliverables (patching, endpoint protection, scanning credential management, hardening), including KPI/SLA review, quality assurance, and escalations.
• Lead vendor and outsourced IT coordination to ensure timely remediation and accurate reporting; define expectations, participate in QBRs, and manage escalations for recurring security gaps.
• Own and improve Microsoft 365 security and identity controls relevant to vulnerability reduction (e.g., Entra ID, Conditional Access, MFA, privileged access/secure admin practices, security baselines) in coordination with IT.
• Own Proofpoint email security configuration and tuning for Office 365/Exchange Online mail flow (e.g., anti-spam/anti-malware, URL defense, attachment sandboxing, anti-phishing/BEC protection), including incident-driven rule updates, metrics/reporting, and continuous reduction of false positives/negatives.

Qualifications

• Bachelor’s Degree in Computer Science (or equivalent).
• Relevant security certification preferred (e.g., Security+, SSCP, CISSP, or GIAC).
• Relevant technical certification preferred (e.g., OSCP/OSCE, GIAC (GSEC/GPEN/GCIH), Microsoft SC-200/SC-300/SC-100).
• 6+ years of experience in vulnerability management, security engineering, or a closely related cyber security role.
• Hands-on experience with vulnerability management platforms and scanners (e.g., Tenable, Qualys, Rapid7) and interpreting CVEs/CVSS and vendor advisories.
• Demonstrated experience defining vulnerability prioritization models, remediation SLAs, and governance (exceptions/risk acceptance), including executive-ready reporting and metrics.
• Strong working knowledge of Windows and Linux patching/configuration, endpoint management, and common enterprise infrastructure (AD/Entra ID, virtualization, networking, cloud services).
• Experience with Microsoft 365 security administration and Exchange Online mail flow concepts, plus hands-on experience administering or partnering on Proofpoint email security filtering and policy tuning.
• Experience managing or overseeing outsourced IT providers/MSPs, including ticket quality, SLA performance, security deliverables, and escalation management.
• Proven ability to influence and drive remediation across teams (including outsourced providers) without direct authority; excellent written and verbal communication with technical and executive stakeholders.
• Ability to mentor teammates and uplift partner teams by providing clear remediation guidance, repeatable runbooks, and training on vulnerability management processes.
• Ability to analyze data, validate findings, and independently drive tasks to closure with sound judgment and attention to detail.
• Familiarity with ticketing/workflow tools (e.g., ServiceNow/Jira) and producing audit-ready evidence of remediation and exceptions.
• Scripting/automation skills (PowerShell and/or Python) to support reporting, data normalization, and process automation.
• Preferred: experience integrating vulnerability data with SIEM/SOAR, asset/attack surface management, or cloud security tooling to improve prioritization and response.
• Understanding of vulnerability and exposure intelligence sources (e.g., CISA KEV, vendor advisories) and how to apply them to prioritization.
• Knowledge of security best practices for managing, controlling, and monitoring cyber controls; familiarity with common frameworks (e.g., NIST CSF, CIS Controls) is preferred.

Requirements

• Minimal Travel Required. Travel limited to training, occasional team meetings, and projects.
• On-call after hours or weekend support may be required, as needed.
• Collaborative and inclusive work environment with opportunities for personal growth.