Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Vulnerability Operations Engineer

$120.93k - $191.13k

Fred Hutchinson Cancer Center (Fred Hutch)

Vulnerability Operations Engineer Job Details Job ID: 31406 Type: Regular Full‑Time Location: US-WA-Seattle Category: Information Technology Overview Fred Hutchinson Cancer Center is an independent, nonprofit organization providing adult cancer treatment and groundbreaking research focused on cancer and infectious diseases. Based in Seattle, Fred Hutch is the only National Cancer Institute-designated cancer center in Washington. With a track record of global leadership in bone marrow transplantation, HIV/AIDS prevention, immunotherapy and COVID‑19 vaccines, Fred Hutch has earned a reputation as one of the world's leading cancer, infectious disease and biomedical research centers. Fred Hutch operates eight clinical care sites that provide medical oncology, infusion, radiation, proton therapy and related services, and network affiliations with hospitals in five states. Together, our fully integrated research and clinical care teams seek to discover new cures to the world's deadliest diseases and make life beyond cancer a reality. At Fred Hutch we value collaboration, compassion, determination, excellence, innovation, integrity and respect. Our mission is directly tied to the humanity, dignity and inherent value of each employee, patient, community member and supporter. Our commitment to learning across our differences and similarities make us stronger. We seek employees who bring different and innovative ways of seeing the world and solving problems. As a senior member of the Information Security Operations team, you will anchor the organization's Vulnerability Operations (VulnOps) practice, serving as a subject matter expert who owns the discover, prioritize, remediate, and validate loop end to end. You will drive risk‑based exposure management, mentor junior team members, and shape how Fred Hutch identifies, assesses, and orchestrates the remediation of vulnerabilities across a complex hybrid estate. We are looking for a Vulnerability Operations Engineer to mature our exposure management program beyond scan‑and‑patch toward exploitability‑in‑context prioritization. Reporting to the Director of Information Security Engineering & Operations, you will scope and run scanning across cloud and on‑premises assets, validate and triage findings, separate noise from materially risky exposure, and translate results into clear, owner‑assigned remediation that actually gets fixed. You will partner closely with Fred Hutch architecture, development, systems engineering, and network engineering teams to embed vulnerability checks into their workflows, build automation that scales the program, and raise our level of compliance with information security standards. If this sounds like you, come help Fred Hutch in the fight against cancer and infectious disease by reducing the attack surface that protects our research and our patients! This role will have the opportunity to work partially at our campus and remotely. Evening and/or weekend work may occasionally be required. Responsibilities Own the vulnerability management lifecycle end to end—asset scoping, scanning, validation, triage, and remediation tracking—across cloud, on‑premises, and hybrid environments. Lead risk‑based, exploitability‑in‑context prioritization that separates noise from materially risky exposure, combining CVSS with EPSS, CISA KEV, and vendor advisories along with asset and reachability context, rather than ranking by raw score alone. Interpret scan results at scale: filter false positives, correlate findings with exploitability and active threat intelligence, and translate them into clear, prioritized tickets with named owners and actionable remediation guidance. Build, tune, and maintain the exposure management toolchain—evaluating and integrating vulnerability scanners, attack‑surface and asset‑graph tooling, and exposure management platforms for operational fit. Design and run remediation orchestration: set patch SLAs by risk tier, drive remediation campaigns (for example, end‑of‑life asset cleanup and TLS/certificate uplift), and keep multiple remediation streams moving across the teams that own the fix. Develop and maintain automation and scripting (Python, PowerShell, Bash) to de‑duplicate findings, enrich them with CMDB and asset data, and push outputs into ticketing and notification systems instead of working from static reports. Integrate vulnerability operations into operational workflows through APIs for scanners, CMDB, and ITSM platforms, and partner with DevOps and engineering teams to embed vulnerability and infrastructure‑as‑code checks into CI/CD pipelines. Maintain a runtime‑validated, identity‑aware view of the asset estate, working toward reachability analysis that can answer which assets an identity can reach and which identities can reach a given asset. Operationalize software supply chain visibility—keeping SBOMs queryable and current so exposure to a newly disclosed component vulnerability can be answered in minutes rather than days. Define and maintain repeatable exception, risk‑acceptance, and revalidation processes, ensuring accepted risk is documented, time‑bound, and periodically re‑reviewed. Build and report program metrics that turn raw findings into managed exposure—mean time to remediate, percentage of criticals closed within SLA, exploitability‑weighted backlog, and exposure by business unit—including executive‑ and board‑ready summaries that emphasize trend over point‑in‑time numbers. Apply AI‑assisted tooling where it adds leverage—for example, to accelerate triage, enrichment, exploit reasoning, and code or configuration review—while maintaining human validation and sound judgment over automated findings. Serve as the subject matter expert for the vulnerability operations domain, providing technical guidance and mentorship to Level I and Level II engineers. Align vulnerability operations with threat intelligence and active incidents, prioritizing exposures under active exploitation and supporting incident response when a vulnerability is implicated. Contribute to compliance audits and assessments (HIPAA, NIST, CIS), ensuring vulnerability management controls meet regulatory and institutional requirements, and participate in on‑call rotation as an escalation point for high‑priority exposures. Qualifications

MINIMUM QUALIFICATIONS:

Bachelor's degree or equivalent work experience in a technical discipline related to Information Technology. Minimum 7 years hands‑on information security experience, including experience conducting technical and non‑technical risk assessments. Strong knowledge of information security risk management and information security technologies (e.g., SIEM, vulnerability management, data loss prevention, and/or endpoint protection). Proven track record and experience interpreting information security policies and procedures and successfully communicating with non‑security workforce. Understanding of compliance and regulatory requirements such as HIPAA and PCI. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800‑53 and Cybersecurity Framework.

PREFERRED QUALIFICATIONS:

Strong, hands‑on command of the vulnerability management lifecycle: asset scoping, scanning, validation, triage, and remediation tracking. Fluency with CVSS and related scoring and metadata (EPSS, CISA KEV, vendor advisories), with the judgment to separate noise from materially risky exposure. Working knowledge of common infrastructure and application vulnerability classes (e.g., injection, deserialization, RCE, misconfiguration, weak cryptography, default credentials) and how they are actually exploited. Demonstrated ability to interpret scan results, filter false positives, correlate findings with exploitability, and produce clear, prioritized, owner‑assigned remediation. Solid grasp of network architecture (subnets, routing, network zones and segmentation) and of OS internals and hardening across Windows and Linux. Working knowledge of cloud platform security controls (AWS, Azure, or GCP) and how cloud misconfigurations surface as exposure. Scripting and automation experience (Python, PowerShell, or Bash) to enrich, de‑duplicate, and route findings into ticketing and operational workflows. Experience mapping vulnerabilities to business impact, regulatory requirements, and internal policy, including risk‑tiered patch SLAs. Strong written and verbal communication, with the ability to write concise tickets and executive‑friendly summaries and to facilitate remediation working sessions across teams. Demonstrated ability to mentor and guide junior team members. Advanced security certifications such as GIAC GEVA (Enterprise Vulnerability Assessor), GIAC GCIH, CISSP, or equivalent. Vendor‑specific vulnerability scanner or exposure management certifications, or equivalent. Familiarity with SOAR or orchestration tooling (e.g., Ansible, Tines, or custom pipelines) to automate scanning, tagging, and remediation workflows. Experience with cyber asset attack surface management (CAASM) or asset‑graph approaches that join asset and identity data. Experience with application security tooling and concepts (SAST, DAST, SCA) and the discover‑prioritize‑remediate‑validate loop as it extends into the software development lifecycle. Proficiency with infrastructure‑as‑code tools (Terraform, CloudFormation) and container orchestration (Kubernetes, Docker). Experience developing security tooling and integrations using Python, Go, or similar languages. Experience using AI‑assisted tooling for vulnerability triage, exploit reasoning, enrichment, or code review, with appropriate human validation. Experience with threat intelligence platforms and exploit‑intelligence sources. Experience in a healthcare, biomedical research, or academic environment. The annual base salary range for this position is from $120,931 to $191,131, and pay offered will be based on experience and qualifications. Although Fred Hutch is not sponsoring most H‑1B visas at this time, candidates who already hold an H‑1B sponsored by another organization and are currently in the U.S. may be eligible for this position. Fred Hutchinson Cancer Center offers employees a comprehensive benefits package designed to enhance health, well‑being, and financial security. Benefits include medical/vision, dental, flexible spending accounts, life, disability, retirement, family life support, employee assistance program, onsite health clinic, tuition reimbursement, paid vacation (12‑22 days per year), paid sick leave (12‑25 days per year), paid holidays (13 days per year), and paid parental leave (up to 4 weeks). Additional Information We are proud to be an Equal Employment Opportunity (EEO) and Vietnam Era Veterans Readjustment Assistance Act (VEVRAA) Employer. We do not discriminate on the basis of race, color, religion, creed, ancestry, national origin, sex, age, disability (physical or mental), marital or veteran status, genetic information, sexual orientation, gender identity, political ideology, or membership in any other legally protected class. We desire priority referrals of protected veterans. If due to a disability you need assistance or a reasonable accommodation during the application or recruiting process, please send a request to Human Resources at View email address on click.appcast.io or by calling View phone number on click.appcast.io. #J-18808-Ljbffr Fred Hutchinson Cancer Center (Fred Hutch)

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Vulnerability Operations Engineer in Seattle, WA vacancy
  • $120.93k - $191.13k

     ...biomedical research centers. Fred Hutch operates eight clinical care sites that provide...  ...team, you will anchor the organization's Vulnerability Operations (VulnOps) practice, serving...  ...looking for a Vulnerability Operations Engineer to mature our exposure management... 
    Suggested
    Work experience placement
    H1b
    Remote work
    Visa sponsorship
    Flexible hours
    Afternoon shift

    Sitcancer

    Seattle, WA
    2 days ago
  • Sitcancer is seeking a Vulnerability Operations Engineer responsible for managing the vulnerability lifecycle at Fred Hutchinson Cancer Center. You will lead risk-based exposure management and mentor junior team members, working closely with various engineering teams to... 
    Suggested
    Remote work

    Sitcancer

    Seattle, WA
    2 days ago
  • Fred Hutchinson Cancer Center (Fred Hutch) is searching for a Vulnerability Operations Engineer to lead vulnerability management. This role involves driving risk-based exposure management and mentoring junior engineers. The ideal candidate will have a Bachelor's degree... 
    Suggested

    Fred Hutchinson Cancer Center (Fred Hutch)

    Seattle, WA
    2 days ago
  • Fred Hutch in Seattle is seeking a Vulnerability Operations Engineer to lead the organization’s Vulnerability Operations practice. In this role, you will mentor junior team members and enhance the exposure management program, ensuring effective remediation of vulnerabilities... 
    Suggested
    Remote job

    Fred Hutch

    Seattle, WA
    2 days ago
  • Maximus is seeking a cybersecurity operations professional to provide 24/7 support for enterprise security, including containment, vulnerability management, and incident response. You will work under senior guidance to help protect critical systems across cloud, operating... 
    Suggested

    Pinnacle Technical Resources

    Seattle, WA
    2 days ago
  •  ...drive security design for DocuSign's cloud environment. With over 12 years in Cloud and Infrastructure Security, particularly in Vulnerability Management, you'll implement automation and ensure security controls meet organizational goals. The role offers a hybrid work... 

    DocuSign

    Seattle, WA
    2 days ago
  •  ...Description CONTINGENT UPON CONTRACT AWARD Job Title: Security Operations Engineer - Senior Location : Washington, DC U.S. Citizenship...  ...with industry frameworks (e.g., NIST, ISO 27001). Perform vulnerability assessments, security control reviews, and risk analyses.... 
    Contract work

    Energy Jobline ZR

    Seattle, WA
    5 days ago
  • $126k - $189k

     ...temporary (estimated 6 months) Development, Security, and Operations "DevSecOps" Engineer to support and scale the organization’s citizen...  ...patterns. Perform code reviews with emphasis on security vulnerabilities, error handling, resilience, and maintainability. Integrate... 
    Full time
    Temporary work
    Work at office
    Remote work
    Flexible hours

    Fenwick & West

    Seattle, WA
    2 days ago
  • Interstate Power & Light Co. is seeking engineers for the Grid Operations team. The positions available range from Engineer I to Engineer III, depending on experience. This role emphasizes safety, technical application, and strong communication skills while managing engineering... 

    Interstate Power & Light Co.

    Seattle, WA
    3 days ago
  • $120k - $140k

     ...more. Job Description We are seeking an experienced Cloud Operations Engineer (Azure) to design, implement, and operate secure, scalable,...  ...NIST‑aligned controls). Participate in security assessments, vulnerability management, and incident response. High Availability &... 
    Work at office
    Flexible hours

    Pathstone

    Bellevue, WA
    2 days ago
  • $101k - $139k

    Senior Operations Engineer Overview The Senior Operations Engineer works primarily with enterprise customers of Edifecs products, proactively assisting them with post-sales installation, configuration, upgrade, troubleshooting and day-to-day operational management. Responsibilities... 
    Full time
    Temporary work
    Remote work

    Edifecs

    Seattle, WA
    2 days ago
  •  ...Industries in the United States is seeking an experienced Mission Operations professional to orchestrate deployment of our C2 products and...  ...train end users, ensure high product performance, and align engineering with mission needs to improve user workflows. The role... 

    Anduril Industries

    Seattle, WA
    2 days ago
  •  ...in-store intelligence solutions that help retailers optimize operations, improve shelf execution, and deliver valuable data insights....  ...environments around the clock - and the Senior Fleet Operations Engineer is the technical force keeping them that way. This role sits at... 
    Local area
    Remote work
    Worldwide
    Weekend work

    Simbe

    Seattle, WA
    2 days ago
  •  ...readiness and validation, including compliance checks, migration readiness, service health, and cross-team signoffs. Coordinate across Engineering, Azure, Networking, Identity, Security, and Compliance teams to ensure seamless service dependency alignment. Oversee production... 
    Hourly pay
    Permanent employment
    Full time
    Work at office

    StafinGo

    Bellevue, WA
    2 days ago
  • As one of the largest for-profit thrift operators in the United States, Canada and Australia for value priced pre-owned clothing, accessories...  ...’s key initiatives. Working directly for the Manager of Engineering and Innovation Servies, this role designs, maintains, and... 
    Local area
    Remote work
    Flexible hours

    Savers

    Bellevue, WA
    1 day ago
  • $156.8k - $219.52k

     ...most compelling challenges in spaceflight today: space infrastructure and increasing mobility on‑orbit. As a Senior Mission Operations Engineer, you will lead the preparation and execution of on‑orbit Blue Ring operations—developing ConOps, building operations products... 
    Permanent employment
    Temporary work
    Local area
    Shift work
    Early shift

    Blue Origin

    Seattle, WA
    2 days ago
  • $166k - $208k

     ...Anduril’s family of systems is powered by Lattice OS, an AI‑powered operating system that turns thousands of data streams into a realtime, 3...  ...and success of our customer accounts. Working across product, engineering, sales, and logistics teams, our Mission Operations Engineers... 
    Full time
    Contract work
    Immediate start

    Anduril Industries

    Seattle, WA
    2 days ago
  • $83k - $110k

     ...March 2025. Learn more at What You'll Do The Fleet Reliability Operations team is responsible for the day-to-day provisioning,...  ...as they arise. This individual will join a team of committed engineers working to deploy nodes as fast as they can be racked and turned... 
    Permanent employment
    Temporary work
    Casual work
    Work at office
    Remote work
    Flexible hours
    Shift work

    CoreWeave

    Bellevue, WA
    2 days ago
  •  ...passionate team. Responsibilities include automating compliance workflows, creating dashboards for decision-making, and identifying vulnerabilities. Applicants should have a bachelor's degree in cybersecurity, with 10+ years of relevant experience and a strong understanding... 

    Blue Origin

    Seattle, WA
    2 days ago
  • $148.5k - $237.6k

     ...Constantly grow as you work hard for a mission that matters at a company where you matter. Your Impact As a Senior Security Operations Engineer, you'll play a key role in ensuring the reliability, performance, and scalability of our security infrastructure. You'll solve... 
    Work experience placement
    Work at office
    Remote work

    Koitecc Solutions

    Seattle, WA
    2 days ago
  • Role Overview As an operations integrator, you will be the authority on all aspects of your subsystem, including CONOPS, functional architecture...  ...Minimum Qualifications Minimum of a B.S. degree in engineering (Mechanical, Aerospace, or related field) or another... 
    Permanent employment
    Temporary work

    Blue Origin

    Seattle, WA
    5 days ago
  •  ...autonomy with empathy, and ownership with vulnerability. We boldly challenge the status quo to...  ...rises, we all rise. Job Summary The Engineering team at SmithRx is developing the next...  ...unmatched service quality and operational efficiencies that exceed all industry... 
    Temporary work
    Work experience placement
    Work at office
    Flexible hours

    SmithRx

    Seattle, WA
    2 days ago
  • Blacksky Holdings LLC is seeking a Senior Software Engineer for their Ground & Control Services team in Seattle, WA. In this role, you'll develop software that enables autonomous operations and real-time tasking of satellites. You'll work with cross-functional teams to... 

    Blacksky Holdings LLC

    Seattle, WA
    2 days ago
  • $64k - $104k

     ...(DAS); GPS signal validation; SIM provisioning and subscriber management; MCN Network Engineer; Networking Security; Network Certification. Key Responsibilities Network Operations Monitor RF/Cellular and Wi‑Fi Calling networks for performance and reliability. Execute... 

    Tata Consultancy Services

    Bellevue, WA
    2 days ago
  • Tata Consultancy Services is seeking a skilled MCN Network Engineer in Bellevue, WA, to monitor and optimize RF/Cellular and Wi-Fi networks. This role involves performing software upgrades, hardware installations, and troubleshooting performance issues. The ideal candidate... 

    Tata Consultancy Services

    Bellevue, WA
    2 days ago
  • $69.52 per hour

    Complete Building Services is seeking a Chief Engineer in Washington, DC. The successful candidate will supervise project staff and ensure operational, financial, and logistical excellence at job sites. Key responsibilities include managing capital budgets, conducting... 
    Hourly pay

    Complete Building Services

    Seattle, WA
    2 days ago
  • Blue Origin is seeking a Senior Mission Operations Engineer to lead on-orbit operations for our space systems. You will design mission plans and collaborate closely with both ground and space engineering teams to ensure seamless spacecraft operations. The ideal candidate... 

    Blue Origin

    Seattle, WA
    2 days ago
  • Simbe Robotics is seeking a Senior Fleet Operations Engineer to maintain and troubleshoot deployed robots across customer sites, combining hands-on electromechanical work with remote monitoring and diagnostics. The role requires clear communication with store teams and... 
    Remote work

    Simbe

    Seattle, WA
    2 days ago
  • Fred Hutchinson Cancer Center (Fred Hutch) in Seattle is hiring a Critical Systems Operating Engineer I/II. The role involves operating, maintaining, and repairing refrigeration systems across the campus. Candidates must have relevant certifications and strong mechanical... 

    Fred Hutchinson Cancer Center (Fred Hutch)

    Seattle, WA
    2 days ago
  •  ...Network & Infrastructure Administrator to manage technology infrastructure for one of Seattle’s iconic destinations. This role ensures operational support for guest attraction systems, network infrastructure, and event technology. The ideal candidate thrives in hands-on... 

    Space Needle

    Seattle, WA
    5 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Vulnerability Operations Engineer. Be the first to apply!