Vulnerability Management Engineer (Hybrid NYC)

This role supports a leading global law firm known for advising many of the world's most sophisticated financial institutions, asset managers, and multinational corporations on complex, highstakes matters. Consistently recognized among the elite in the legal industry, the firm operates across major financial centers worldwide, offering a truly international platform and exposure to cuttingedge legal and regulatory work. The role is hybrid remote with 3 days onsite - Wednesday is a must for a team day and you can pick the other two days. This resource will join a team of 2 and will be conducting scanning and reviewing the vulnerabilities, validate by reaching out to appropriate System Owners/Teams who work on the patching, and following the remediation path through by active follow up.


The Senior Information Security Engineer, Vulnerability Management is responsible for leading the identification, assessment, and mitigation of security vulnerabilities across enterprise systems and applications. This role plays a critical part in proactively managing cyber risks by discovering and addressing weaknesses before they can be exploited. The senior engineer will perform regular scanning and remediation of global networks, assess systems for vulnerabilities and misconfigurations, including cloud-based and onpremises assets. They will collaborate with IT teams and business process owners to ensure timely remediation of identified issues and drive continuous improvement of the organization's security posture.

The ideal candidate is highly skilled in vulnerability management tools and methodologies, combined with a strong understanding of enterprise IT environments, including cloud infrastructure, networking, and applications. This role requires strong analytical skills, the ability to interpret scan results, prioritize remediation efforts, and work crossfunctionally to reduce risk. The candidate must be able to communicate effectively with technical and nontechnical stakeholders and remain detailoriented while adapting to new threats, technologies, and compliance requirements.
Essential Job Duties & Responsibilities
Lead enterprise vulnerability management activities including asset discovery, vulnerability scanning, configuration assessments, and prioritization.
Deliver continuous vulnerability identification and remediation across attack surfaces, vulnerabilities, and securityrelated misconfigurations throughout onprem and cloudbased environments.
Collaborate with business owners and IT teams to identify and remediate vulnerabilities across servers, infrastructure, networks, and applications.
Manage vulnerability scanning tools and ensure accurate asset inventories and scan coverage.
Manage and mature vulnerability management programs including breach simulation, redteam testing, and security assessment tools.
Manage application security scanning tools including static, dynamic, and infrastructure scanning.
Optimize vulnerability management processes and integrations with other security and IT operations workflows.
Lead vulnerability response efforts to address imminent threats and zeroday vulnerabilities.
Monitor vulnerability remediation progress and partner with IT teams to provide recommendations for effective risk remediation or mitigation.
Monitor, mitigate, and report on emerging threats including supplychain weaknesses, misconfigurations, code vulnerabilities, unencrypted protocols, digital footprint issues, and other cybersecurity control gaps.
Manage internal and external penetration testing and redteam activities, scope assessments, and oversee vendor coordination.
Provide regular reporting on the current state of vulnerabilities and develop metrics and dashboards to communicate vulnerability trends and remediation progress to stakeholders.
Develop vulnerability scoring priorities and measurement criteria, and build consumable reporting for technical and nontechnical stakeholders, IT leadership, and external clients.
Stay current with emerging threats, vulnerabilities, exploit trends, and industry best practices.
Support security audits, assessments, and compliance initiatives by providing accurate and timely vulnerability data.
Contribute to the development of processes, standards, and playbooks related to vulnerability management.
Participate in and support afterhours work and oncall rotations as needed.

Compensation:
$53/hr to $64/hr.
Exact compensation may vary based on several factors, including location, skills, experience, and education.
Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to View email address on click.appcast.io learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:


Required Skills & Experience
- 4- 8+ years in IT or Information Security, including 3-4+ years in vulnerability management or security engineering
- Handson experience with enterprise vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus, Metasploit, AttackIQ, etc.)
- Strong ability to interpret CVSS, threat intelligence, and business impact to prioritize remediation
- Solid understanding of cybersecurity risk management and frameworks (NIST, CIS, OWASP)
- Experience securing cloud and hybrid environments (AWS, Azure, GCP), including infrastructure, networking, and applications
- Strong foundation in networking, operating systems (Windows/Linux), and application security
- Proven ability to manage multiple priorities, communicate risk effectively, and stay current on emerging threats
- hands-on scanning of app/cloud environments (Wiz, Snyk, Cycode, CrowdStrike Falcon, Sysdig, Aqua Security, Orca Security, etc)


Nice to Have Skills & Experience
- Professional certifications such as CISSP, CSSP, CEH, or similar
- interpreting pentest results


Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.