Talent.com
Vulnerability Remediation Engineer
Vulnerability Remediation EngineerSkyePoint Decisions • Laurel, MD, United States
Vulnerability Remediation Engineer

Vulnerability Remediation Engineer

SkyePoint Decisions • Laurel, MD, United States
8 hours ago
Job type
  • Full-time
Job description

Vulnerability Remediation Engineer

Job Location

US-MD-Laurel

ID

2025-2999

Job Type

Contingent Upon Award

Category

Cyber and Information Security

Overview

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively - anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.

Join the SkyePoint team and become part of a highly skilled, professional workforce dedicated to delivering mission-critical solutions. Our exceptional technical experts provide innovative services and solutions to federal agencies, making a meaningful impact every day. At SkyePoint, we value top talent and foster an environment where your ideas and contributions truly matter. Be part of a team that values excellence and rewards innovation-your future starts here!

This is a contingent position based upon customer approval and funding.

Responsibilities

SkyePoint Decisions is seeking a Vulnerability Remediation Engineer for our customer. This person will prioritize and execute remediation actions across infrastructure and endpoints. Remediation Engineers not only create and track tickets, but they also have the skills, knowledge, and access to perform actual remediation themselves.

This position is onsite in Beltsville, MD.

Responsibilities : Primary Function :

Serve as the critical liaison between security and IT operations teams to prioritize, coordinate, and execute vulnerability remediation actions across the global infrastructure

Vulnerability Management & Prioritization :

  • Assess and prioritize Plans of Action and Milestones (POA&Ms) based on risk-based vulnerability management (RBVM) principles
  • Correlate vulnerability scan data from Tenable, Qualys, and iPost with threat intelligence and real-time asset context from Tanium
  • Analyze vulnerability data against business context from ServiceNow Configuration Management Database (CMDB) to determine mission impact
  • Apply Vulnerability Priority Rating (VPR) and TruRisk scoring methodologies to focus remediation efforts on highest-risk vulnerabilities

Remediation Coordination & Execution :

  • Create, manage, and track remediation tickets in ServiceNow with comprehensive vulnerability details and recommended remediation steps
  • Negotiate patching windows and coordinate with IT operations teams, system owners, and Information Systems Security Officers (ISSOs)
  • Perform "hands-on keyboard" remediation of critical vulnerabilities when appropriate and within scope
  • Manage remediation exceptions and ensure Service Level Agreement (SLA) compliance (e.g., 7 days for critical vulnerabilities)
  • Coordinate emergency remediation actions for zero-day and actively exploited vulnerabilities

    • Process Integration & Automation :

  • Collaborate with Security Automation Engineers to develop and refine vulnerability management playbooks in SOAR platforms
  • Work with Engineering team to integrate vulnerability data feeds with automated orchestration workflows
  • Support development of automated validation and closure processes for remediated vulnerabilities
  • Participate in continuous improvement initiatives to enhance remediation efficiency and reduce Mean Time to Remediate (MTTR)

    • Stakeholder Communication & Reporting :

  • Serve as primary point of contact between technical teams and system / business owners
  • Provide regular status updates on remediation progress to ISSOs and management
  • Escalate persistent vulnerabilities and SLA violations through appropriate channels
  • Participate in Purple Team exercises and contribute remediation expertise to adversary emulation debriefs
  • Correlate scanner findings with Tanium and CMDB context to prioritize work
  • Create and manage ServiceNow tasks and changes
  • Execute patches and configuration changes; script at scale where appropriate
  • Trigger validation rescans and document evidence
  • Manage exceptions and risk acceptances per policy

    • Qualifications

    Required Qualifications :

  • High School diploma with 7 years of Cybersecurity & Vulnerability Management experience OR Bachelor's degree with 5 years of experience OR 4 years with a Master's degree
  • Strong understanding of vulnerability management principles and risk-based prioritization methodologies
  • Hands-on experience with vulnerability scanning tools (Tenable Nessus / Security Center, Qualys VMDR preferred)
  • Proficiency with IT service management tools (ServiceNow experience strongly preferred)
  • Experience with endpoint management and configuration tools (Tanium experience preferred)
  • Knowledge of patch management processes across Windows, Linux, and network infrastructure
  • Understanding of NIST Risk Management Framework (RMF) and FISMA compliance requirements
  • Patch / change management experience in enterprise environments
  • Scripting ability (PowerShell / Python)
  • Ability to translate technical vulnerabilities into business risk language for diverse stakeholders
  • Proven ability to work effectively across organizational boundaries and coordinate complex remediation efforts
  • Strong analytical skills to prioritize competing remediation requirements and resolve complex technical issues
  • Meticulous approach to tracking vulnerabilities, managing POA&Ms, and ensuring compliance
  • Ability to respond quickly to emerging threats and changing priorities in a dynamic environment
  • Must be a U.S. citizen
  • Must have a current, active Secret clearance with the ability to obtain Top Secret

    • Preferred Qualifications :

  • Current industry certifications such as Security+, GCIH, CySA+, or CISSP
  • Experience in federal government or highly regulated environments
  • Familiarity with NIST SP 800-53 security controls and Assessment & Authorization (A&A) processes
  • Knowledge of MITRE ATT&CK framework and threat intelligence integration
  • Experience with automation and orchestration platforms (Splunk SOAR, Microsoft Sentinel Logic Apps)
  • Understanding of cloud security principles and Infrastructure-as-Code (IaC) security
  • Experience with network security appliances and configuration management

    • What We Can Offer You :

  • At SkyePoint, we go B.I.G. (beginning in GRATITUDE) by recognizing all we have and giving back to our employees, families, and communities. It instills a positive mindset that permeates all we do. By beginning in gratitude, SkyePoint can continue to spread living in gratitude each day.
  • Great Benefits : Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST / LT Disability, Life Insurance, floating federal holiday options, and 401k matched
  • Certificate Incentive Program : To promote professional development, we recognize and reward employees who obtain new certifications aligned with business needs.
  • Flexible Work Environment

    • Compensation : Salary Range : TBD

    The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package.

    Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate's combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations.

    In addition to a competitive salary, SkyePoint offers benefits including a certification incentive program, PTO, floating federal holiday options, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, Vision, ST / LT Disability, Life Insurance, and 401k matched.

    SkyePoint Decisions is an established ISO 9001 : 2015 and ISO / IEC 27001 : 2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives.

    Please be aware of recruiting scams and people claiming to be from SkyePoint Decisions. For more information, please see the Welcome Page of our Careers site.

    Skyepoint Decisions is a participating E-Verify Employer.

    U.S. Citizenship is required for most positions.

    Equal Opportunity Employer / Veterans / Disabled.

    Create a job alert for this search

    Vulnerability Engineer • Laurel, MD, United States

    Related jobs
    Vulnerability Analyst

    Vulnerability Analyst

    Electrosoft • Gaithersburg, MD, United States
    Full-time
    While cybersecurity is our specialty, we also focus on ICAM, enterprise IT modernization, and software solutions.We always seek to delight our customers, so we retain highly qualified employees and...Show more
    Last updated: 1 day ago • Promoted
    Staff Site Reliability Engineer

    Staff Site Reliability Engineer

    Visa • Ashburn, VA, United States
    Full-time
    Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more t...Show more
    Last updated: 30+ days ago • Promoted
    Vulnerability Management Engineer

    Vulnerability Management Engineer

    ShorePoint Inc • Washington, DC, United States
    Full-time
    ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience ...Show more
    Last updated: 1 day ago • Promoted
    Intermediate Vulnerability Assessment Analyst

    Intermediate Vulnerability Assessment Analyst

    WinTec Arrowmaker • Quantico, VA, United States
    Temporary
    Department of Defense customers.The Intermediate Vulnerability Assessment Analyst will support A&A efforts to complete A&A tasks that integrate cybersecurity standards and requirements into all pha...Show more
    Last updated: 1 day ago • Promoted
    Vulnerability Researcher : Senior Levels (Applicants must already hold a TS clearance or higher) - FUTURE NEED

    Vulnerability Researcher : Senior Levels (Applicants must already hold a TS clearance or higher) - FUTURE NEED

    Cipher Tech Solutions • Vienna, VA, USA
    Full-time
    Quick Apply
    FUTURE NEED - Not a current vacancy.If you apply, this could be a multi-year process.The candidate will be working independently as a Vulnerability Researcher to identify flaws in software.The cand...Show more
    Last updated: 2 days ago
    Vulnerability Assessment Analyst - Intermediate

    Vulnerability Assessment Analyst - Intermediate

    Rividium Inc • Springfield, VA, United States
    Full-time +1
    RiVidium Inc (dba, TripleCyber) is seeking a Vulnerability Assessment Analyst who will perform assessments of systems and networks within the NE or enclave and identifies where those systems / networ...Show more
    Last updated: 1 day ago • Promoted
    Vulnerability Researcher : All Levels (Applicants must already hold a TS clearance or higher)

    Vulnerability Researcher : All Levels (Applicants must already hold a TS clearance or higher)

    Cipher Tech Solutions • Vienna, VA, USA
    Full-time
    Quick Apply
    The candidate will be working independently as a Vulnerability Researcher to identify flaws in software.The candidate must be familiar with the latest techniques in vulnerability research and demon...Show more
    Last updated: 30+ days ago
    Distinguished AI Engineer

    Distinguished AI Engineer

    Capital One • BALTIMORE, Maryland, United States
    Full-time +1
    At Capital One, we are creating responsible and reliable AI systems, changing banking for good.For years, Capital One has been an industry leader in using machine learning to create real-time, pers...Show more
    Last updated: 30+ days ago • Promoted
    Engineer, Strategic / Reliability

    Engineer, Strategic / Reliability

    Constellation Energy • Huntingtown, MD, US
    Full-time
    As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose : accelerating the transition to a carbon-free future. We have been the leader in clean ener...Show more
    Last updated: 16 hours ago • Promoted • New!
    Sr Electronics Design Engineer

    Sr Electronics Design Engineer

    Leidos • Upper Marlboro, MD, US
    Full-time
    The National Airspace Systems Integration Support (NISC) program at Leidos is seeking.Senior Electronics Design Engineers. Federal Aviation Administration (FAA) Eastern Service Area - Engineering Se...Show more
    Last updated: 10 days ago • Promoted
    Quality Engineer II

    Quality Engineer II

    Leonardo DRS • Frederick, MD, United States
    Full-time
    The Leonardo DRS Airborne and Intelligence Systems business is a global leader and strategic partner committed to delivering world-class, full life-cycle defense and intelligence products that prot...Show more
    Last updated: 30+ days ago • Promoted
    Vulnerability Engineer

    Vulnerability Engineer

    SkyePoint Decisions • Laurel, MD, United States
    Full-time
    Cyber and Information Security.SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT s...Show more
    Last updated: 8 hours ago • Promoted • New!
    Vulnerability Assessment Analyst

    Vulnerability Assessment Analyst

    Calibre Inc • Springfield, VA, United States
    Full-time
    CALIBRE is an employee-owned mission focused solutions and digital transformation company.We are currently seeking a Vulnerability Assessment Analyst to support work we are doing in Springfield, VA...Show more
    Last updated: 8 hours ago • Promoted • New!
    Senior Embedded Vulnerability Researcher

    Senior Embedded Vulnerability Researcher

    Draper Labs • Reston, VA, United States
    Full-time
    Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA.The 2,000+ employees of Draper tackle important national challenges with a promise of delivering ...Show more
    Last updated: 30+ days ago • Promoted
    Technology Vulnerability Management Engineer

    Technology Vulnerability Management Engineer

    Cooley • Reston, VA, United States
    Full-time
    Technology Vulnerability Management Engineer.Cooley is seeking a Technology Vulnerability Management Engineer to join the Security team. Cooley Technology embraces a culture of customer service exce...Show more
    Last updated: 8 hours ago • Promoted • New!
    Engineering Analyst, Strategic / Reliability

    Engineering Analyst, Strategic / Reliability

    Constellation Energy • Benedict, MD, US
    Full-time
    As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose : accelerating the transition to a carbon-free future. We have been the leader in clean ener...Show more
    Last updated: 12 hours ago • Promoted • New!
    Vulnerability Assessment Analyst

    Vulnerability Assessment Analyst

    CALIBRE Systems • Springfield, VA, United States
    Full-time
    CALIBRE is an employee-owned mission focused solutions and digital transformation company.We are currently seeking a Vulnerability Assessment Analyst to support work we are doing in Springfield, VA...Show more
    Last updated: 1 day ago • Promoted
    Insider Threat Program Senior System Engineer

    Insider Threat Program Senior System Engineer

    Leidos • Waldorf, MD, US
    Full-time
    The Digital Modernization Sector at Leidos currently has an opening for a Senior System Engineer supporting the HEITS Contract as part of the Department of Homeland Security (DHS) Insider Threat Pr...Show more
    Last updated: 30+ days ago • Promoted