Senior Security Engineer - Vulnerability Management

Description

Join Team CARFAX as a Senior Security Engineer - Vulnerability Management

Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We're more than just a company : We help millions of consumers make more informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment.

We are seeking a highly skilled and motivated Senior Cyber Security Engineer - Vulnerability Management plays a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The Senior Cyber Security Engineer - Vulnerability Management collaborates with various IT and business teams to integrate security best practices into every aspect of the organization's operations.

At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 3 days per week in our Centreville, VA office subject to change with future business needs.

What you'll be doing :

• Oversee the end-to-end vulnerability management lifecycle, including scanning, assessment, prioritization, remediation tracking, and reporting.
• Perform regular vulnerability scans across infrastructure, endpoints, and applications, ensuring accurate detection, proper asset coverage, and alignment with security and compliance requirements.
• Perform risk-based analysis and triage vulnerability findings based on business impact, asset criticality, threat intelligence, and exploitability. Guide stakeholders on remediation priorities.
• Collaborate with system owners to drive timely remediation. Develop actionable plans for patching or mitigating vulnerabilities.
• Ensure system hardening and configuration compliance using industry benchmarks such as CIS and DISA STIGs.
• Deploy, manage, and optimize vulnerability and compliance scanning tools. Automate scanning, reporting, and alerting to improve coverage and reduce manual effort.
• Incorporate threat intelligence and exploit data to contextualize vulnerabilities and adjust risk ratings accordingly.
• Develop clear, concise reports and dashboards that communicate vulnerability status, trends, KPIs, and risk posture to technical and non-technical stakeholders.
• Continuously evaluate and improve vulnerability management processes, scanning schedules, and remediation workflows to align with evolving threats and organizational needs.
• Ensure vulnerability management activities align with compliance requirements (e.g., PCI-DSS, SOC II, ISO 27001) and support audit documentation and responses.
• Act as a liaison between security, infrastructure, application, and business teams. Serve as a subject matter expert on vulnerability-related issues.
• Provide guidance to junior team members and support knowledge sharing within the cybersecurity team.

What we're looking for :

What's in it for you :

Don't just take our word for it :

About CARFAX and S&P Global Mobility

S&P Global has recently announced the intent to separate our Mobility Segment into a standalone public company.

CARFAX, part of S&P Global Mobility, helps millions of people every day confidently shop, buy, service and sell used cars with innovative solutions powered by CARFAX vehicle history information. The expert in vehicle history since 1984, CARFAX provides exclusive services like CARFAX Used Car Listings, CARFAX Car Care, CARFAX History-Based Value and the flagship CARFAX® Vehicle History Report™ to consumers and the automotive industry. CARFAX owns the world's largest vehicle history database and is nationally recognized as a top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Service, Sell - Show me the CARFAX™. S&P Global Mobility is a division of S&P Global (NYSE : SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets.

US Equal Opportunity Employer Statement : CARFAX is an Affirmative Action / Equal Opportunity Employer. It is the policy of CARFAX to provide equal employment opportunity to all persons regardless of race, color, sex, pregnancy, religion, national origin, age, ancestry, citizenship status, veteran status, military status, disability or handicap, sexual orientation, genetic information or any other status protected by federal, state or local law. In addition, CARFAX will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. We are a participant in E-Verify.

Canadian Equal Opportunity Employer Statement : CARFAX Canada is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to race / ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.

We're committed to providing accommodations by request for candidates taking part in all aspects of the recruitment and selection process. For a confidential inquiry or to request an accommodation, please contact your recruiter or email [email protected].