Senior Security Vulnerability Engineer

Join AspenView Technology Partners

At AspenView, we are passionate about transforming the way organizations approach technology. We specialize in creating high-performing, nearshore IT teams to help North American clients innovate faster and more efficiently. As we continue to grow, we're looking for exceptional people to join our team and help drive impactful change across industries.

At AspenView, we're more than a nearshore IT partner—we're a people-first, purpose-driven company that believes great culture drives great outcomes. We're passionate about connecting talent and technology to deliver measurable value for clients—and meaningful career paths for our people.

Here's what you can expect:

• Competitive base
• Comprehensive benefits and wellness support
• Flexible work model: hybrid, remote, or in-office
• Real growth opportunities and leadership visibility
• Inclusive, respectful culture that blends U.S. innovation with Colombian heart
• A company that listens, invests in you, and celebrates wins together

About the Role

We are looking for a seasoned Sr. Security Engineer specializing in Vulnerability Management to join a forward-thinking security organization. In this individual contributor role, you will own and mature a scalable, enterprise-grade vulnerability management program—one that is data-driven, risk-informed, and increasingly powered by AI-driven automation.

You will work at the intersection of infrastructure, application, and cloud security, partnering closely with Security Architecture, Engineering, SRE, IT, and Compliance teams to ensure vulnerabilities are identified, prioritized, and remediated with operational rigor. This is a high-impact, hands-on role where your technical depth, sound judgment, and ability to drive cross-functional outcomes without formal authority will define your success.

What you will do:

• Own and advance the enterprise vulnerability management lifecycle—scanning, triage, risk scoring, remediation tracking, validation, and continuous improvement.
• Leverage AI systems to automate patches and configuration changes, driving toward near real-time exploit resolution.
• Optimize the vulnerability management platform for accurate, automated, and scalable coverage across infrastructure, applications, and cloud environments.
• Develop executive-level metrics and reporting to drive accountability and communicate vulnerability posture to leadership.
• Apply a risk-based prioritization model using CVSS, system criticality, threat intelligence, and compensating controls to determine remediation urgency.
• Partner cross-functionally with Red Team, IT, Engineering, SRE, and Compliance to identify and mitigate risks tied to end-of-life systems and cloud-native vulnerabilities.
• Manage scanning exemptions and vulnerability exceptions through their full lifecycle, including documentation, justification, and remediation tracking.
• Drive visibility and remediation of cloud misconfigurations, exposed services, and over-permissioned identities across the organization.

What you bring:

• Bachelor's degree in Computer Science, Information Security, or a related field—or equivalent practical experience.
• 8+ years in cybersecurity, with at least 3 years focused on vulnerability management or risk management in a SaaS environment.
• Hands-on expertise with vulnerability management platforms such as Wiz, Tenable, Qualys, Rapid7, Vulcan, or Kenna.
• Strong command of CVSS, patch management, remediation SLA management, and risk-based prioritization.
• Solid understanding of operating systems (Windows, Linux, macOS), networking, and major cloud platforms (AWS, Azure, GCP).
• Experience with CSPM/CNAPP platforms such as Wiz, Prisma Cloud, or Orca.
• Excellent analytical and communication skills with a track record of influencing stakeholders at all levels.

Nice if you have:

• Experience with container security and cloud-native environments (Docker, Kubernetes, serverless).
• Knowledge of security frameworks such as NIST CSF, PCI DSS, SOC 2, or ISO 27001.
• Experience automating remediation workflows or integrating vulnerability data into Jira or ServiceNow.
• Relevant certifications: CISSP, CISM, OSCP, GIAC/GVMS, or cloud security certifications.

Equal Opportunity Employer:

AspenView is proud to be an equal opportunity employer. We believe in creating an environment where all employees feel welcome, valued, and empowered to succeed. We celebrate diversity and strive to build a culture of inclusion where all individuals, regardless of their race, color, gender, gender identity or expression, sexual orientation, disability, age, or any other characteristic, can thrive. We encourage applicants from all walks of life to join our team and make a lasting impact.