CARFAX
Senior Security Engineer - Vulnerability Management
CARFAX, Columbia, Missouri, United States
Overview
Join Team CARFAX as a
Senior Security Engineer - Vulnerability Management We are seeking a highly skilled and motivated
Senior Cyber Security Engineer – Vulnerability Management
who will play a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The
Senior Cyber Security Engineer – Vulnerability Management
collaborates with various IT and business teams to integrate security best practices into every aspect of the organization\'s operations. 3 days per week in our Columbia, MO office (subject to change with future business needs).
What you’ll be doing
Oversee the end-to-end vulnerability management lifecycle, including scanning, assessment, prioritization, remediation tracking, and reporting.
Perform regular vulnerability scans across infrastructure, endpoints, and applications, ensuring accurate detection, proper asset coverage, and alignment with security and compliance requirements.
Perform risk-based analysis and triage vulnerability findings based on business impact, asset criticality, threat intelligence, and exploitability. Guide stakeholders on remediation priorities.
Collaborate with system owners to drive timely remediation. Develop actionable plans for patching or mitigating vulnerabilities.
Ensure system hardening and configuration compliance using industry benchmarks such as CIS and DISA STIGs.
Deploy, manage, and optimize vulnerability and compliance scanning tools. Automate scanning, reporting, and alerting to improve coverage and reduce manual effort.
Incorporate threat intelligence and exploit data to contextualize vulnerabilities and adjust risk ratings accordingly.
Develop clear, concise reports and dashboards that communicate vulnerability status, trends, KPIs, and risk posture to technical and non-technical stakeholders.
Continuously evaluate and improve vulnerability management processes, scanning schedules, and remediation workflows to align with evolving threats and organizational needs.
Ensure vulnerability management activities align with compliance requirements (e.g., PCI-DSS, SOC II, ISO 27001) and support audit documentation and responses.
Act as a liaison between security, infrastructure, application, and business teams. Serve as a subject matter expert on vulnerability-related issues.
Provide guidance to junior team members and support knowledge sharing within the cybersecurity team.
What we're looking for
Bachelor’s degree in computer science, Information Security, or a related field.
Minimum of 5+ years of experience in cybersecurity, with at least 3–4 years focused on vulnerability management.
Industry certifications such as CISSP, CEH, CompTIA Security+, or relevant vulnerability management credentials.
Strong experience with vulnerability scanning tools (e.g., Qualys, Tenable Nessus, Rapid7 InsightVM).
Solid understanding of vulnerability classification standards (e.g., CVSS, CWE, CAPEC) and security frameworks.
Familiarity with patch management, system hardening, and configuration management tools and processes.
Working knowledge of Linux, Windows, and macOS environments, including OS-level security controls.
Understanding of networking protocols, firewalls, and network security best practices.
Experience with compliance frameworks such as PCI-DSS, SOC II, or ISO 27001.
Strong analytical and problem-solving skills, with the ability to assess complex environments and identify potential exposures.
Excellent communication skills, with the ability to convey technical risk to both technical and non-technical stakeholders.
Ability to manage multiple projects and tasks in a dynamic, fast-paced environment.
What’s in it for you
Competitive compensation, benefits and generous time-off policies
4-Day summer work weeks and a winter holiday break
401(k)/DCPP matching
Annual bonus program
Casual, dog-friendly, and innovative office spaces
For a comprehensive list of benefits, please visit our website: https://jobs.jobvite.com/carfax/p/benefits
Don’t just take our word for it
10X Virginia Business Best Places to Work
10X Washingtonian Great Places to Work
9X Washington Post Top Workplace
St.Louis Post-Dispatch Best Places to Work
#J-18808-Ljbffr
Join Team CARFAX as a
Senior Security Engineer - Vulnerability Management We are seeking a highly skilled and motivated
Senior Cyber Security Engineer – Vulnerability Management
who will play a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The
Senior Cyber Security Engineer – Vulnerability Management
collaborates with various IT and business teams to integrate security best practices into every aspect of the organization\'s operations. 3 days per week in our Columbia, MO office (subject to change with future business needs).
What you’ll be doing
Oversee the end-to-end vulnerability management lifecycle, including scanning, assessment, prioritization, remediation tracking, and reporting.
Perform regular vulnerability scans across infrastructure, endpoints, and applications, ensuring accurate detection, proper asset coverage, and alignment with security and compliance requirements.
Perform risk-based analysis and triage vulnerability findings based on business impact, asset criticality, threat intelligence, and exploitability. Guide stakeholders on remediation priorities.
Collaborate with system owners to drive timely remediation. Develop actionable plans for patching or mitigating vulnerabilities.
Ensure system hardening and configuration compliance using industry benchmarks such as CIS and DISA STIGs.
Deploy, manage, and optimize vulnerability and compliance scanning tools. Automate scanning, reporting, and alerting to improve coverage and reduce manual effort.
Incorporate threat intelligence and exploit data to contextualize vulnerabilities and adjust risk ratings accordingly.
Develop clear, concise reports and dashboards that communicate vulnerability status, trends, KPIs, and risk posture to technical and non-technical stakeholders.
Continuously evaluate and improve vulnerability management processes, scanning schedules, and remediation workflows to align with evolving threats and organizational needs.
Ensure vulnerability management activities align with compliance requirements (e.g., PCI-DSS, SOC II, ISO 27001) and support audit documentation and responses.
Act as a liaison between security, infrastructure, application, and business teams. Serve as a subject matter expert on vulnerability-related issues.
Provide guidance to junior team members and support knowledge sharing within the cybersecurity team.
What we're looking for
Bachelor’s degree in computer science, Information Security, or a related field.
Minimum of 5+ years of experience in cybersecurity, with at least 3–4 years focused on vulnerability management.
Industry certifications such as CISSP, CEH, CompTIA Security+, or relevant vulnerability management credentials.
Strong experience with vulnerability scanning tools (e.g., Qualys, Tenable Nessus, Rapid7 InsightVM).
Solid understanding of vulnerability classification standards (e.g., CVSS, CWE, CAPEC) and security frameworks.
Familiarity with patch management, system hardening, and configuration management tools and processes.
Working knowledge of Linux, Windows, and macOS environments, including OS-level security controls.
Understanding of networking protocols, firewalls, and network security best practices.
Experience with compliance frameworks such as PCI-DSS, SOC II, or ISO 27001.
Strong analytical and problem-solving skills, with the ability to assess complex environments and identify potential exposures.
Excellent communication skills, with the ability to convey technical risk to both technical and non-technical stakeholders.
Ability to manage multiple projects and tasks in a dynamic, fast-paced environment.
What’s in it for you
Competitive compensation, benefits and generous time-off policies
4-Day summer work weeks and a winter holiday break
401(k)/DCPP matching
Annual bonus program
Casual, dog-friendly, and innovative office spaces
For a comprehensive list of benefits, please visit our website: https://jobs.jobvite.com/carfax/p/benefits
Don’t just take our word for it
10X Virginia Business Best Places to Work
10X Washingtonian Great Places to Work
9X Washington Post Top Workplace
St.Louis Post-Dispatch Best Places to Work
#J-18808-Ljbffr