Senior Vulnerability and Threat Management Engineer

Join Medica's Cyber Security team as a Senior Vulnerability and Threat Management Engineer, where you'll play a crucial role in fortifying our organization's defenses. In this position, you will be at the forefront of identifying, assessing, and remediating vulnerabilities in both our on-premise and cloud environments. Your efforts will be essential in enhancing our risk reduction initiatives and advancing our security maturity through proactive vulnerability discovery and threat modeling, along with continual enhancements in our detection and response strategies. Key Responsibilities: Conduct comprehensive vulnerability research to identify potential security flaws, followed by penetration testing to verify exploitability. Regularly monitor threat intelligence feeds for new vulnerabilities and evaluate their impact on our organization. Maintain meticulous documentation and dashboards to track the status of vulnerabilities and the progress of remediation efforts. Collaborate effectively with Internal Security teams, Product Owners, Scrum Masters, and management to foster a secure environment. Utilize innovative problem-solving techniques to enhance our security posture. To succeed in this role, you should possess a strong understanding of vulnerability management frameworks, system hardening, secure configuration baselines, threat intelligence, and risk prioritization. Familiarity with tools such as Qualys, Tenable, or Rapid7, along with cloud-native security services, is essential. We value candidates who can think critically, correlate threat data with asset risks, and communicate findings clearly to both technical and non-technical stakeholders. Qualifications: Bachelor's degree or an equivalent combination of education and relevant work experience. 5+ years of professional experience in Information Technology, including a minimum of 3 years in a Threat and Vulnerability Management role. Additional Skills and Experience: Proficient with vulnerability management tools such as Nessus, Tenable.io, Rapid7 InsightVM, or Qualys. Familiarity with cloud and container technologies including AWS, Azure, GCP, and Kubernetes. Experience in various security tools and techniques, along with the ability to write scripts for automation. Understanding of reverse engineering tools like GHIRDA and IDA Pro is a plus. Solid knowledge of operating systems (Windows, Linux), networking, and cloud infrastructures, particularly with Linux, Windows, and Active Directory. Proficiency in scripting and programming languages such as Python, JavaScript, PowerShell, or C++. Understanding of web application security, including experience with web application scanners and both manual testing and penetration testing methodologies. Exceptional communication and report-writing skills. Possessing a degree or recognized certifications such as CPTS, CompTIA PenTest+, OSCP, or relevant experience is highly desirable. This role is based in our office located in Minnetonka, MN, with onsite work required on average 3 days per week. The full salary range for this position is $100,200 - $171,700. Placement within this salary range will depend on several factors, including education, work experience, applicable certifications, the scope of the position, internal pay equity, and external market data. This role may also be eligible for incentive plan compensation in addition to a base salary. At Medica, we offer a comprehensive total rewards package that includes competitive medical, dental, vision, PTO, Holidays, paid volunteer time off, 401K contributions, caregiver services, and numerous other benefits to support our workforce. Please note that the compensation and benefits provided are as of the date of this posting and are subject to change at any time, with or without notice, in compliance with applicable laws. Medica is an Equal Opportunity employer, welcoming all qualified candidates irrespective of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information, or any other protected characteristic. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. This employer is required to inform all applicants of their rights under federal employment laws. For more information, please refer to the Know Your Rights notice from the Department of Labor.