About the Role
MetroSys is seeking a skilled Information Security Engineer II to support and lead efforts around vulnerability management within a dynamic, enterprise-scale environment. This individual will be instrumental in identifying and addressing security vulnerabilities across systems, networks, and applications. The ideal candidate brings a deep understanding of vulnerability scanning tools, remediation prioritization, and collaborative risk mitigation strategies.
You will work closely with cross-functional teams to enhance the organization’s security posture and help ensure compliance with industry standards. If you thrive in fast-paced environments and are passionate about cybersecurity, this is an exciting opportunity to grow and make an impact.
Key Responsibilities
Lead the end-to-end vulnerability management lifecycle : scanning, analysis, prioritization, reporting, and remediation tracking.
Perform regular vulnerability assessments and support remediation efforts in collaboration with infrastructure and application teams.
Track and assess emerging threats and zero-day vulnerabilities using vendor bulletins and threat intelligence feeds.
Generate reports and dashboards to communicate risk posture and mitigation progress to technical and executive stakeholders.
Maintain and optimize vulnerability scanning tools to ensure full visibility and accurate detection across the environment.
Assist in security incident response involving known or suspected exploited vulnerabilities.
Support regulatory and compliance audits (e.g., PCI, NIST, HIPAA ) by providing documentation and metrics.
Continuously improve processes, documentation, and tooling in the vulnerability management program.
Qualifications
Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
3+ years of experience in information security, with a strong emphasis on vulnerability management.
Hands-on experience with scanning tools (e.g., Tenable, Qualys, Rapid7).
Solid understanding of network architecture , operating systems (Linux, Windows), and web applications .
Familiarity with CVSS scoring , risk modeling, and remediation prioritization frameworks.
Ability to work with scripting or automation tools (Python, PowerShell, Bash) is a plus.
Excellent communication and problem-solving skills; ability to clearly explain security findings to non-security audiences.
Experience with compliance frameworks such as PCI DSS, NIST, HIPAA , or ISO 27001 .
Relevant certifications are a plus (e.g., CISSP, Security+, LFCS, RHCSA ).