C2 Labs, Inc.
Senior Information Security Engineer / Vulnerability Manager
C2 Labs, Inc., Olympia, Washington, United States
Senior Information Security Engineer / Vulnerability Manager
C2 Labs, Inc. – www.c2labs.com
C2 Labs partners with clients on their IT transformation journey via our industry-leading capabilities in full stack development, hyper-automation/DevOps, and cybersecurity compliance. We provide specialized products and services that enable clients to innovate with speed and scale while maintaining a robust and effective security posture. As digital transformation partners, we address the most urgent needs holding back our clients, including proactively addressing cultural change, quantifying risk, automating compliance, and closing critical skill gaps.
Vulnerability & Threat Management
Manage enterprise vulnerability management platforms (e.g., Tenable, Qualys, Rapid7) and ensure timely scanning, reporting, and remediation tracking.
Perform risk-based analysis of vulnerabilities, develop mitigation plans, and escape issues requiring urgent remediation.
Integrate threat intelligence to prioritize vulnerabilities based on exploitability, industry trends, and business impact.
Establish and maintain vulnerability KPIs, metrics, and executive reporting dashboards.
Security Engineering
Design, implement, and maintain security controls and safeguards across networks, endpoints, and cloud environments (AWS, Azure, or hybrid).
Automate security operations tasks using scripts or tools (Python, PowerShell, Bash, or AWS Lambda).
Collaborate with IT and DevOps teams to integrate vulnerability management into CI/CD pipelines and cloud workloads.
Conduct regular security assessments, penetration test remediation support, and continuous monitoring activities.
Governance, Risk, & Compliance
Support compliance with federal frameworks (FedRAMP, NIST SP 800-53, NIST SP 800-171/CMMC, FISMA, etc.).
Document processes, remediation plans, and compliance evidence in alignment with client requirements.
Provide recommendations for continuous improvement of security posture and policy enforcement.
Collaboration & Leadership
Partner with cross-functional teams (IT, Development, Operations, and Compliance) to ensure vulnerabilities are remediated in a timely, risk-based manner.
Provide technical leadership and mentorship to junior security engineers and analysts.
Participate in client-facing meetings and presentations as a subject matter expert in vulnerability and threat management.
Education, Training, Qualifications, and Certifications Required
U.S. Citizenship and ability to obtain/maintain Public Trust clearance
Bachelor’s degree in Computer Science, Cybersecurity, or related field OR 5+ years of equivalent hands-on experience
Proven experience in vulnerability management, security engineering, or penetration testing
Strong knowledge of IT infrastructure, networking, and cloud environments (AWS preferred)
Familiarity with security automation, scripting (Python, PowerShell, Bash), and infrastructure-as-code principles
Excellent analytical, problem-solving, and communication skills
Background check and unannounced drug testing required.
This position is onsite in Washington, DC, with occasional travel (up to 25%) for client meetings and work assignments.
Preferred
Professional certifications such as CISSP, CISM, OSCP, CEH, Security+, or AWS Security Specialty
Experience with compliance frameworks (FedRAMP, NIST 800-53, CMMC)
Background in DevSecOps practices, continuous monitoring, and automation
EOE STATEMENT We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.
#J-18808-Ljbffr
C2 Labs, Inc. – www.c2labs.com
C2 Labs partners with clients on their IT transformation journey via our industry-leading capabilities in full stack development, hyper-automation/DevOps, and cybersecurity compliance. We provide specialized products and services that enable clients to innovate with speed and scale while maintaining a robust and effective security posture. As digital transformation partners, we address the most urgent needs holding back our clients, including proactively addressing cultural change, quantifying risk, automating compliance, and closing critical skill gaps.
Vulnerability & Threat Management
Manage enterprise vulnerability management platforms (e.g., Tenable, Qualys, Rapid7) and ensure timely scanning, reporting, and remediation tracking.
Perform risk-based analysis of vulnerabilities, develop mitigation plans, and escape issues requiring urgent remediation.
Integrate threat intelligence to prioritize vulnerabilities based on exploitability, industry trends, and business impact.
Establish and maintain vulnerability KPIs, metrics, and executive reporting dashboards.
Security Engineering
Design, implement, and maintain security controls and safeguards across networks, endpoints, and cloud environments (AWS, Azure, or hybrid).
Automate security operations tasks using scripts or tools (Python, PowerShell, Bash, or AWS Lambda).
Collaborate with IT and DevOps teams to integrate vulnerability management into CI/CD pipelines and cloud workloads.
Conduct regular security assessments, penetration test remediation support, and continuous monitoring activities.
Governance, Risk, & Compliance
Support compliance with federal frameworks (FedRAMP, NIST SP 800-53, NIST SP 800-171/CMMC, FISMA, etc.).
Document processes, remediation plans, and compliance evidence in alignment with client requirements.
Provide recommendations for continuous improvement of security posture and policy enforcement.
Collaboration & Leadership
Partner with cross-functional teams (IT, Development, Operations, and Compliance) to ensure vulnerabilities are remediated in a timely, risk-based manner.
Provide technical leadership and mentorship to junior security engineers and analysts.
Participate in client-facing meetings and presentations as a subject matter expert in vulnerability and threat management.
Education, Training, Qualifications, and Certifications Required
U.S. Citizenship and ability to obtain/maintain Public Trust clearance
Bachelor’s degree in Computer Science, Cybersecurity, or related field OR 5+ years of equivalent hands-on experience
Proven experience in vulnerability management, security engineering, or penetration testing
Strong knowledge of IT infrastructure, networking, and cloud environments (AWS preferred)
Familiarity with security automation, scripting (Python, PowerShell, Bash), and infrastructure-as-code principles
Excellent analytical, problem-solving, and communication skills
Background check and unannounced drug testing required.
This position is onsite in Washington, DC, with occasional travel (up to 25%) for client meetings and work assignments.
Preferred
Professional certifications such as CISSP, CISM, OSCP, CEH, Security+, or AWS Security Specialty
Experience with compliance frameworks (FedRAMP, NIST 800-53, CMMC)
Background in DevSecOps practices, continuous monitoring, and automation
EOE STATEMENT We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.
#J-18808-Ljbffr