Job Specifications
Position Summary
The Vulnerability Management Engineer is responsible for assessing, managing, and reducing security vulnerabilities across enterprise server and workstation environments. This role will perform scheduled vulnerability scans, evaluate risks, recommend remediation plans, support patch cycles, and develop reporting that improves the organization’s security maturity.
The ideal candidate has deep hands-on experience with enterprise patch management, security baselines, vulnerability scanning tools, scripting and remediation across Windows and/or Linux platforms.
Key Responsibilities
Vulnerability Identification & Analysis
· Perform recurring vulnerability scans for servers and workstation environments.
· Analyze scan results to identify actionable risks, false positives, and system exposure levels.
· Prioritize vulnerabilities based on industry frameworks (CVSS, KEV, CISA, etc.).
· Coordinate with application owners for patching and remediation scheduling.
Patch & Remediation Support
· Partner with server and desktop teams to support monthly and quarterly patching cycles.
· Provide technical guidance on workarounds, hotfixes, or remediate configuration issues.
· Assist in validating remediation success post-deployment.
· Help refine patch and configuration baselines for repeatability and security.
Reporting & Metrics
· Develop weekly, monthly, and quarterly dashboards on:
Remediation progress
Aging vulnerabilities
SLA/KPI compliance tracking
Platform-level trends
· Report critical vulnerabilities and escalating risks to leadership as needed.
Tooling & Automation
· Operate and tune vulnerability scanning and endpoint management tools (e.g., Qualys, Microsoft Defender, Intune, PatchMyPC, SCCM, Azure Update Manager, etc.).
· Recommend configuration improvements, automation, and scanning optimizations.
· Assist in integrating scan results into ticketing or workflow tools such as ServiceNow or Jira.
Security Standards & Compliance
· Ensure systems adhere to organization security policies, CIS benchmarks, NIST guidance, and other relevant frameworks.
· Help improve patching and vulnerability management SOPs, runbooks, and governance processes.
· Support internal or external audit and compliance reporting requirements.
Required Qualifications
· 3–7 years’ experience in vulnerability management, patch management, or endpoint/server security operations.
· Demonstrated technical proficiency with:
Windows Server and Windows desktop platforms
Patch deployment and configuration management
· Experience operating one or more security scanning platforms (e.g. Qualys, Defender, Azure Update Manager, PatchMyPC, etc.).
· Ability to analyze scan output, identify false positives, and communicate meaningful remediation guidance.
· Strong understanding of:
CVEs, CVSS scoring, and exploitability assessments
Common ransomware and threat vectors targeting enterprise endpoints
Preferred Experience
· Experience in mixed operating system environments (Windows and Linux).
· Familiarity with:
Microsoft Intune and/or SCCM
Azure Update Manager
Azure Arc
ServiceNow
CIS or NIST standards
· Ability to create automation scripts (PowerShell, Bash, Python, or similar).
· Experience working in enterprise or government environments.
Soft Skills
· Strong written and verbal communication.
· Ability to translate technical risk into business impact.
· Comfortable working independently and making data-based recommendations.
About the Company
The Public Sector Solutions Group is an award-winning Information Technology consulting firm with an emphasis on access to real-time information and an enhanced user experience. It is our mission to enable critical business processes for clients, by facilitating collaboration, data analytics, and informed stakeholder decisions. PS2G embraces the principles of Human Centric Solution Design. Working with small and large clients, we prioritize the user experience as a critical success factor. Our clients are prepared for market...
Know more