Cybersecurity Vulnerability Management Specialist

Svam International, Inc.· New York· Posted 2h ago· via Dice
Region USA

Job Description

DIRECT CLIENT REQUIREMENT

Job Title: Cybersecurity Vulnerability Management Specialist

Duration: 12+ months

Location: NYC, NY or Mesa, AZ

Hybrid position (2-3 days per week onsite).

Summary

The Red Team Specialist will join Client's cybersecurity team with a primary focus on vulnerability management across the enterprise. The role is responsible for interpreting penetration test reports (largely produced by third-party vendors), driving remediation across system owners, validating fixes, and reporting on the organization's overall vulnerability posture. A working understanding of penetration testing is required so the candidate can credibly translate findings into actionable remediation work, and a limited amount of internal hands-on testing may also fall under this role.

Key Responsibilities

- Vulnerability Management (Primary Focus)

- Own the end-to-end vulnerability management lifecycle: discovery, triage, prioritization, assignment, remediation tracking, and validation.

- Read, interpret, and operationalize penetration test reports delivered by third-party vendors, translating findings into clear, actionable remediation tasks for system owners, developers, and infrastructure teams.

- Build and maintain vulnerability dashboards and reports, including CVE tracking, aging analysis, and trend reporting for technical and executive audiences.

- Use Tanium for vulnerability identification, patch management, and reporting (preferred; training available for the right candidate).

- Partner with patch management, infrastructure, and application teams to ensure timely remediation aligned with risk severity.

- Provide guidance on vulnerabilities using a risk-based approach considering ease of exploitation, exposure, and business impact.

- Validate remediation efforts and confirm vulnerabilities have been effectively closed.

- Identify opportunities for improvement in tools such as SecurityScorecard and similar external risk-rating platforms.

Third-Party Penetration Test Coordination

- Manage relationships with third-party penetration testing vendors, including scoping, scheduling, and execution oversight.

- Apply Client's internal penetration testing framework across the application onboarding lifecycle.

- Manage deliverables from external testers; review findings, ensure supporting evidence is sufficient, and defend or challenge findings as appropriate.

- Track and report on third-party testing engagements, including risk, mitigation strategies, and references.

Limited Internal Penetration Testing

- Note: Internal hands-on testing will be minimal. The candidate should be capable of supporting it but will not perform deep offensive operations day-to-day.

- Conduct light-touch internal penetration tests and vulnerability assessments of servers, web applications, and databases as needed.

- Provide spot-checking and validation of existing technical security controls.

- Communicate technical findings and remediation steps with developers, system administrators, project managers, and senior stakeholders.

Purple Teaming & Incident Response Support

- Support purple team exercises that bring collaboration between Security, Operations, and Business Units to validate technical controls and remediation effectiveness.

- Participate in incident response activities, including tabletop exercises and major incident remediation.

- Provide guidance to the security operations team on adversary techniques and procedures (TTPs) to improve awareness and response times.

Required Experience & Skills

- 2+ years of experience in cybersecurity, with a working knowledge of penetration testing concepts and the ability to read, interpret, and act on penetration test reports.

- Hands-on experience managing a vulnerability management program: prioritization, remediation tracking, and reporting.

- Familiarity with web application, infrastructure, and basic cloud (AWS and/or Azure) vulnerability concepts.

- Working knowledge of Windows/Active Directory and Linux systems administration and common vulnerabilities.

- Familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK frameworks.

- Working proficiency in at least one scripting language: Bash, PowerShell, or Python.

- Strong written and verbal communication skills; able to clearly articulate technical findings and remediation requirements to mixed audiences (engineers through senior stakeholders).

- Demonstrated ability to drive remediation across cross-functional teams.

Certifications (Any of the Following Are a Plus)

- Practical/offensive: OSCP, eCPTX, eCPPX, PNPT, GPEN, eCXD, CEH, PenTest+

- Defensive: BTL1, BTL2

- Cloud security: AWS Certified Security Specialty or Azure equivalent

Preferred (Strong Pluses, Not Required)

- Tanium experience: Building reports, tracking CVEs, and supporting vulnerability and patching workflows. Client is a Tanium reseller and uses Tanium heavily; this is a significant plus.

- CrowdStrike experience: Hands-on familiarity with CrowdStrike Falcon (EDR) is a strong plus.

- Exposure to penetration testing or red teaming engagements (web apps, APIs, network devices, databases, OS, cloud).

- Experience with NIST 800-53 and the Risk Management Framework (RMF).

- 1+ years of SOC and/or incident response experience, with a focus on host data acquisition and threat hunting.

- Familiarity with penetration testing toolsets (Burp Suite, Nessus, Qualys, Kali Linux, Metasploit, Cobalt Strike) at a level sufficient to interpret vendor outputs.

- Bachelor's degree in Computer Science, Engineering, Information Systems, or a related field.

Please submit the following in the notes section when you submit the resume.

Submission format for all resumes:

Full Name of the candidate:

Work Authorization:

Availability:

Rate: $/hr all-inclusive without Benefits

Current location:

Contact:

Email:

LinkedIn URL:

Reason for Job Change:

Project End date:

Regards,

Kapil Thapa

Sr. Manager US IT Recruitment

SVAM International | 233 East Shore Road | Suite #201, Great Neck, NY 11023

Cell: ext 108| Fax: | Email: |

CMMI Level 5 | ISO 9001:2008 |ISO 27001:2013 Company | LISA Award winner

First seen 2026-05-11 08:40:01 · Last verified 2026-05-11 08:40:01

Pentest Careers · pentestcareers.com
