Senior Vulnerability Engineer

Position Title :: Senior Vulnerability Engineer
Locations :: Phoenix AZ / Westerville OH

Job Description:
The Senior Vulnerability Engineer is a hands-on role responsible for driving timely, high-quality remediation of security vulnerabilities and configuration gaps across enterprise environments. This position owns the remediation execution cadence-from tool-generated findings through validation, assignment, evidence collection, risk acceptance coordination, and closure-and is expected to operate effectively in a fast-paced, operational setting with minimal ramp-up time. The role requires clear communication, disciplined expectation setting with IT teams, early identification of blockers, and delivery of decision-ready status and risk reporting to stakeholders and leadership.
Demonstrate advanced proficiency with the ServiceNow Vulnerability Response (VR) module to manage end-to-end vulnerability workflows, including triage, assignment, SLA tracking, exception and risk acceptance processing, remediation evidence captures, and closure.


Lead a high-tempo remediation cadence (weekly or biweekly) with IT teams; set clear expectations, drive action-item closure, and escalate impediments as required.
Execute hands-on remediation activities to achieve SLA targets, including patching, configuration changes, implementation of compensating controls, and post-remediation validation; proactively manage at-risk items using documented recovery plans.
Apply advanced ServiceNow Vulnerability Response (VR) capabilities, including vulnerability group and item management, routing and assignment, SLA and aging oversight, exception and risk acceptance handling, and closure workflows; utilize Rapid7 and Wiz as primary sources of findings.
Partners with patching and IT teams to execute remediation plans, validate remediation effectiveness, and maintain accurate, auditable closure evidence.
Provide concise, executive-ready reporting (Power BI and ServiceNow) on SLA performance, aging, risk trends, and decisions required for operational reviews and leadership updates.


What you will do:
Drive remediation of tool-identified vulnerabilities by validating applicability and asset context, determining the appropriate remediation approach (patch, configuration change, compensating control), coordinating execution with IT teams, and verifying closure.
Serve as a ServiceNow Vulnerability Response (VR) subject matter expert, including vulnerability group and item management, routing and assignment, SLA and aging tracking, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
Conduct monthly KPI/KRI and SLA health reviews; communicate risk and progress clearly, set expectations, and drive timely decisions with leadership and stakeholder teams.
Develop and drive remediation action plans (owners, milestones, and escalation paths) for critical and high-severity vulnerabilities; maintain momentum and accountability in a fast-paced environment.
Build and maintain actionable dashboards and reporting (Power BI and ServiceNow VR) that communicate remediation health, SLA risk, vulnerability aging, and trend insights.
Facilitate exception and risk acceptance requests by ensuring documentation quality, appropriate approvals, defined expiration dates, and end-to-end tracking of compensating controls.
Provide routine (daily/weekly) stakeholder updates that clearly communicate status, next steps, owners, and estimated timelines; escalate when expectations or SLAs are at risk.
Document and continuously improve standard operating procedures (SOPs) and coach junior team members on remediation workflows and ServiceNow VR best practices.


What you will need:
Bachelor's degree or equivalent practical experience.
Seven (7) or more years of experience in vulnerability remediation, patch and configuration management, and operational security engineering in fast-paced environments.
Strong troubleshooting and hands-on remediation skills, including patching, configuration changes, validation and verification, and evidence collection.
Demonstrated high skill in ServiceNow Vulnerability Response (VR), including vulnerability groups and items, routing and assignment, SLA and aging management, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
Clear, concise communicator (written and verbal) with demonstrated ability to set expectations, influence without authority, and coordinate across multiple IT teams in a matrixed environment.
Experience with vulnerability scanning and exposure management tools (e.g., Rapid7, Wiz) and reporting/analytics (e.g., Power BI); ability to translate data into action.
Demonstrated ability to operate as a self-starter with minimal oversight, manage multiple workstreams, set expectations, and drive remediation to closure.
Experience in the financial services industry with proven regulatory and compliance discipline.
Strong analytical skills with the ability to translate vulnerability data into remediation plans, operational metrics, and risk-based communication.


About AgreeYa:
AgreeYa is a global systems integrator delivering a competitive advantage for its customers through software, solutions, and services. Established in 1999, AgreeYa is headquartered in Folsom, California, with a global footprint and a team of more than 1,800+ professionals across offices. AgreeYa works with 550+ organizations ranging from Fortune 100 firms to small and large businesses across industries such as Telecom, Banking, Financial Services & Insurance, Healthcare, Utility & Energy, Technology, Public Sector, Pharma & Biotech, Retail, Client, and others. Please visit us at for more information.


Equal Opportunity:
AgreeYa is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, gender identity, sexual orientation, national origin, disability, veteran status or other protected characteristics. Visit our website at to learn about our Career & Culture.