Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Vulnerability Management Engineer
Company Soteria
Location Remote
Preferred GIAC Certifications GDSA,GEVA
Travel 15%
Salary Not provided
Contact Name bpoole
Contact Email bpoole/at/
Expires 2021-07-29

Job Description

Do you enjoy operationalizing security practices? Are you tired of folks prioritizing remediation effort bases of vulnerability scan results with no context to security controls and busy processes? Do you long to help organizations reduce their attack surface? If so, we have the perfect job for you!

At Soteria (, we believe there is a massive opportunity to improve the way that organizations approach security operations, and we are building the solution. We often find that folks place too much emphasis on tools and processes that are not grounded in reality or scalable, and are unable to hire, groom or train talent to keep up with the ever-evolving threats. This leads to an endless sea of false positives, reliance on brittle detection logic, and tons of missed intrusions. Soteria is looking to shake up the industry with our managed detection and response (MDR) service using behavior-based rules and analytics approach, human in the loop alerting and validation, top-notch personnel, and interdisciplinary processes. We aim to be an extension of our customer's security team and transform the industry one customer at a time.

In order to transform organizations as well as the industry, we are looking for some such as yourself to join us as a Vulnerability Management Security Engineer. In this role, you will make an immediate and significant impact on a growing team protecting an ever-increasing number of customers who are tired of the status quo.

Core Responsibilities:

- Monitor, aggregate, and triage information from vulnerability sources

- Conduct application, network, and system vulnerability scans/assessments and documentation of corrective/remediation actions.

- Ensure timely follow up with clients to check the status of vulnerability remediation and patch management efforts

- Work with clients to coordinate and conduct application, network, and system vulnerability scans prior to deployment, and continue refining scans when those systems are modified within pre-production and production environments.

- Learn and adapt to client’s culture, security strategies, security goals, security objectives, and security capabilities.

Sampling of Desired Skills:

- Knowledge of vulnerability classes and industry-standard classification schemes (CVE, CVSSv2, CVSSv3, CWE, CPE)
Working knowledge of vulnerabilities, exploitation, and threats to an organization

- Ability to determine risk level of identified threats and necessary urgency in remediation
Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as: Logs and events processing, Incident Management, and Detection and/or Response

Preferred qualifications:

- 2+ years of professional experience in systems administration, systems engineering, software development, and/or TCP/IP network administration

- 2+ years of experience with a variety of security-related processes, including secure coding practices, patch management, vulnerability analysis, or IDS/IPS

- Scripting experience (Python, Bash, Powershell, etc.)

- Ability to successfully interface with both internal and external clients

- Ability to document and explain technical details in a concise, understandable manner

- Minimum of 4 years of experience with at least one or more of the following vendors and subsequent security products: Qualys, Rapid7, Tenable


- Medical, Dental, Vision, Life and Disability insurance covered 100% for Employee and 50% for family members.

- Employer funded single HSA account

- Flexible work hours around core hours

- Paid time off of 24 days with an additional 10 paid holidays

- Professional development allowance

- 401K optional

Candidates must be legally authorized to work full time within the United States and able to pass a background check. Some candidates may require more extensive background checks based on the project. Soteria is an Equal Opportunity Employer. Soteria does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need