Tacoma Public Utilities
Senior Vulnerability Management Engineer
Tacoma Public Utilities, Tacoma, Washington, us, 98417
Senior Vulnerability Management Engineer
Position Description
Are you passionate about safeguarding critical infrastructure and operational systems from cyber threats?
Tacoma Power invites you to explore this exciting opportunity to join our Cybersecurity Operations team within the Utility Technology Services (UTS) section as a highly skilled Senior Vulnerability Management Engineer.
This role is classified as Information Technology Security Analyst, Senior, and serves as a technical leader in safeguarding enterprise IT and operational technology (OT) environments, including critical infrastructure, operational systems, and sensitive data.
Key responsibilities include leading the design, implementation, and continuous improvement of Tacoma Power’s Vulnerability Management Program, coordinating remediation activities, integrating vulnerability intelligence, and providing mentorship and knowledge transfer across the team.
The position supports regulatory compliance, incident response, and cross‑functional investigations, while ensuring that vulnerabilities are prioritized and remediated in alignment with business impact, exploitability, and regulatory requirements.
Job Responsibilities
Lead Tacoma Power’s Vulnerability Management (VM) Program: Identify and implement program and process improvements; revise annually or as required to ensure continual improvement.
Operate and maintain VM tools: Conduct vulnerability scans across IT and OT systems, analyze results, maintain scanning tools, and create tickets for system owners.
Cybersecurity incident response: Support analysts in investigating alerts and contributing to active incident response using SIEM, EDR, and threat intelligence platforms.
Procedure Development & Process Improvement: Update cybersecurity plans and procedures based on program data and industry best practices.
Mentor and guide team members: Provide coaching, shadowing, peer reviews, and feedback to build team capability.
Develop and maintain internal documentation: Improve and maintain VM Plan, technical processes, and best practice guides.
Collaborate with stakeholders: Communicate with internal teams and business units to coordinate remediation and incident resolution.
Support Regulatory Compliance (NERC‑CIP): Maintain assigned CIP responsibilities and ensure audit readiness.
Qualifications Minimum Education
Bachelor’s degree in information technology, cybersecurity, or a directly related field.
Equivalency: 1 year of experience = 1 year of education.
Minimum Experience
4 years of progressively responsible information technology experience related to vulnerability management.
Licensing, Certifications and Other Requirements
Security+ or related certification (GIAC GCIA, GIAC GCIH, CISSP).
Washington State Driver’s License.
Additional background checks and certifications may be required depending on assignment.
Knowledge & Skills
Expertise with Vulnerability Management platforms such as Rapid7, Qualys, and Nessus.
Expertise with SIEM platforms such as LogRhythm and Splunk.
Experience managing and tuning EDR and application control platforms such as Carbon Black and CrowdStrike.
Experience in vulnerability assessments and remediation coordination.
Experience in security investigations and incident response activities.
Strong understanding of MITRE ATT&CK, threat modeling, and TTP analysis.
Familiarity with scripting and automation (Python, PowerShell).
Strong communication, collaboration, and customer service skills.
Incident response leadership in enterprise environments.
Certifications: Security+, GIAC GCIA, GIAC GCIH, or equivalent.
Experience with NERC‑CIP and other regulatory cybersecurity standards.
Compensation & Benefits Annual Salary: $118,560.00 - $166,920.00
Employee Benefits are provided by the City of Tacoma, including health, dental, vision, and retirement plans.
City of Tacoma’s Commitment to Diversity, Equity, and Inclusion At the City of Tacoma, we are on a mission to make our workforce as diverse and inclusive as the community we serve.
We actively seek out candidates from a wide range of backgrounds and cultures.
If you have a less traditional background, we want to hear about your transferrable skills and experience.
We value a variety of perspectives and are excited to see what you bring to the table.
Application Process Applicants should apply online by completing the application and attaching a resume and cover letter by the closing date and time listed in the job announcement.
Applications without the required materials may not progress.
Interviewers may perform a work problem, and appointments are subject to a background check.
#J-18808-Ljbffr
Tacoma Power invites you to explore this exciting opportunity to join our Cybersecurity Operations team within the Utility Technology Services (UTS) section as a highly skilled Senior Vulnerability Management Engineer.
This role is classified as Information Technology Security Analyst, Senior, and serves as a technical leader in safeguarding enterprise IT and operational technology (OT) environments, including critical infrastructure, operational systems, and sensitive data.
Key responsibilities include leading the design, implementation, and continuous improvement of Tacoma Power’s Vulnerability Management Program, coordinating remediation activities, integrating vulnerability intelligence, and providing mentorship and knowledge transfer across the team.
The position supports regulatory compliance, incident response, and cross‑functional investigations, while ensuring that vulnerabilities are prioritized and remediated in alignment with business impact, exploitability, and regulatory requirements.
Job Responsibilities
Lead Tacoma Power’s Vulnerability Management (VM) Program: Identify and implement program and process improvements; revise annually or as required to ensure continual improvement.
Operate and maintain VM tools: Conduct vulnerability scans across IT and OT systems, analyze results, maintain scanning tools, and create tickets for system owners.
Cybersecurity incident response: Support analysts in investigating alerts and contributing to active incident response using SIEM, EDR, and threat intelligence platforms.
Procedure Development & Process Improvement: Update cybersecurity plans and procedures based on program data and industry best practices.
Mentor and guide team members: Provide coaching, shadowing, peer reviews, and feedback to build team capability.
Develop and maintain internal documentation: Improve and maintain VM Plan, technical processes, and best practice guides.
Collaborate with stakeholders: Communicate with internal teams and business units to coordinate remediation and incident resolution.
Support Regulatory Compliance (NERC‑CIP): Maintain assigned CIP responsibilities and ensure audit readiness.
Qualifications Minimum Education
Bachelor’s degree in information technology, cybersecurity, or a directly related field.
Equivalency: 1 year of experience = 1 year of education.
Minimum Experience
4 years of progressively responsible information technology experience related to vulnerability management.
Licensing, Certifications and Other Requirements
Security+ or related certification (GIAC GCIA, GIAC GCIH, CISSP).
Washington State Driver’s License.
Additional background checks and certifications may be required depending on assignment.
Knowledge & Skills
Expertise with Vulnerability Management platforms such as Rapid7, Qualys, and Nessus.
Expertise with SIEM platforms such as LogRhythm and Splunk.
Experience managing and tuning EDR and application control platforms such as Carbon Black and CrowdStrike.
Experience in vulnerability assessments and remediation coordination.
Experience in security investigations and incident response activities.
Strong understanding of MITRE ATT&CK, threat modeling, and TTP analysis.
Familiarity with scripting and automation (Python, PowerShell).
Strong communication, collaboration, and customer service skills.
Incident response leadership in enterprise environments.
Certifications: Security+, GIAC GCIA, GIAC GCIH, or equivalent.
Experience with NERC‑CIP and other regulatory cybersecurity standards.
Compensation & Benefits Annual Salary: $118,560.00 - $166,920.00
Employee Benefits are provided by the City of Tacoma, including health, dental, vision, and retirement plans.
City of Tacoma’s Commitment to Diversity, Equity, and Inclusion At the City of Tacoma, we are on a mission to make our workforce as diverse and inclusive as the community we serve.
We actively seek out candidates from a wide range of backgrounds and cultures.
If you have a less traditional background, we want to hear about your transferrable skills and experience.
We value a variety of perspectives and are excited to see what you bring to the table.
Application Process Applicants should apply online by completing the application and attaching a resume and cover letter by the closing date and time listed in the job announcement.
Applications without the required materials may not progress.
Interviewers may perform a work problem, and appointments are subject to a background check.
#J-18808-Ljbffr