Cisco
Senior Vulnerability Management Engineer
Join to apply for the
Senior Vulnerability Management Engineer
role at
Cisco .
Meet the Team Are you passionate about making a real difference in cybersecurity? At Cisco, our Vulnerability Management team (part of Splunk Global Security) is at the forefront of protecting the technologies and products that power the world’s data insights. We do more than just uncover technical vulnerabilities — we take a multidisciplinary, risk-based approach to security, identifying not only system flaws but also process and operational risks that could impact our product.
We are a globally diverse team of engineers who thrive on collaboration. Our team partners closely with diverse business and engineering groups, gaining deep understanding of their technologies and unique challenges. We don’t just deliver findings — we provide actionable, tailored guidance to drive real remediation and elevate Splunk’s security posture.
If you want to work at the intersection of risk management, technical security, and strategic collaboration — and help shape the future of security at Splunk — we want to meet you!
Your Impact Help Splunk see risk more clearly, make data‑driven decisions, and continuously improve — by turning data into action and vulnerabilities into opportunities for growth.
Responsibilities
Build solutions/capabilities within the scope of Vulnerability Management to further improve Splunk’s Vulnerability Management Program (e.g., automation, data analysis, process development).
Act as SME (subject matter expert) for vulnerability management and processes.
Analyze vulnerability data/identifying trends to perform root‑cause analysis.
Assist in development of new security standards and baselines.
Perform vulnerability assessments and act as a point of contact for engineering teams to drive remediation of security concerns and active incidents.
Respond to emerging security events and threats.
Triage vulnerabilities to provide company‑specific severity guidance.
Ensure remediation team compliance to regulatory standards.
Comfortably lead security discussions, vulnerability assessments, propose and discuss solutions to security tools that are directly related to their area of focus.
Develop SOPs, performance metrics, and reporting mechanisms aligned with SLAs and critical metrics.
Engage with leadership, customers, and auditors to provide updates, recommendations, and briefings.
Minimum Qualifications
Bachelor’s degree with 8+ years of experience in a vulnerability management engineering or information security capacity or Master’s degree with 6+ years of experience; or PhD with 5+ years of related experience.
Must have experience with risk‑based vulnerability management/configuration compliance assessments and security concepts and prioritization methodologies.
Able to communicate risk and urgency to executives, program, and technical staff.
Demonstrable proficiency with vulnerability scanning and configuration compliance platforms such as Tenable, Qualys, Rapid7, Wiz, Prisma, or similar.
Familiarity with how to assess and implement external configuration compliance standards such as CIS Benchmarks and DISA STIGs.
Understanding of security features in Container and Container Orchestration technologies (Docker, Kubernetes, etc).
Strong analytical and problem‑solving skills, with an ability to balance security needs with business impact while addressing systemic security issues through root cause analysis, building security solutions, and project leadership.
Knowledge of common security threats, such as attack‑techniques, evasive techniques, and preventative & defensive methods.
Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
Familiarity with compliance requirements for certifications like PCI DSS, SOC2, HIPAA, FedRAMP.
Preferred Qualifications
Functional in using Splunk Search Processing Language (SPL).
Excellent working experience in applying FISMA, and FedRAMP processes and policies to information systems.
Experience with scripting and automation (e.g., Python, SOAR) to automate scanning tasks, reporting, and API integrations.
Industry certifications such as CISSP, CCSP, CompTIA CySA+, Cloud Vendor security credentials.
Seniority Level Mid‑Senior level
Employment Type Full‑time
Job Function Engineering and Information Technology
Industries Software Development
Referrals increase your chances of interviewing at Cisco by 2x
#J-18808-Ljbffr
Senior Vulnerability Management Engineer
role at
Cisco .
Meet the Team Are you passionate about making a real difference in cybersecurity? At Cisco, our Vulnerability Management team (part of Splunk Global Security) is at the forefront of protecting the technologies and products that power the world’s data insights. We do more than just uncover technical vulnerabilities — we take a multidisciplinary, risk-based approach to security, identifying not only system flaws but also process and operational risks that could impact our product.
We are a globally diverse team of engineers who thrive on collaboration. Our team partners closely with diverse business and engineering groups, gaining deep understanding of their technologies and unique challenges. We don’t just deliver findings — we provide actionable, tailored guidance to drive real remediation and elevate Splunk’s security posture.
If you want to work at the intersection of risk management, technical security, and strategic collaboration — and help shape the future of security at Splunk — we want to meet you!
Your Impact Help Splunk see risk more clearly, make data‑driven decisions, and continuously improve — by turning data into action and vulnerabilities into opportunities for growth.
Responsibilities
Build solutions/capabilities within the scope of Vulnerability Management to further improve Splunk’s Vulnerability Management Program (e.g., automation, data analysis, process development).
Act as SME (subject matter expert) for vulnerability management and processes.
Analyze vulnerability data/identifying trends to perform root‑cause analysis.
Assist in development of new security standards and baselines.
Perform vulnerability assessments and act as a point of contact for engineering teams to drive remediation of security concerns and active incidents.
Respond to emerging security events and threats.
Triage vulnerabilities to provide company‑specific severity guidance.
Ensure remediation team compliance to regulatory standards.
Comfortably lead security discussions, vulnerability assessments, propose and discuss solutions to security tools that are directly related to their area of focus.
Develop SOPs, performance metrics, and reporting mechanisms aligned with SLAs and critical metrics.
Engage with leadership, customers, and auditors to provide updates, recommendations, and briefings.
Minimum Qualifications
Bachelor’s degree with 8+ years of experience in a vulnerability management engineering or information security capacity or Master’s degree with 6+ years of experience; or PhD with 5+ years of related experience.
Must have experience with risk‑based vulnerability management/configuration compliance assessments and security concepts and prioritization methodologies.
Able to communicate risk and urgency to executives, program, and technical staff.
Demonstrable proficiency with vulnerability scanning and configuration compliance platforms such as Tenable, Qualys, Rapid7, Wiz, Prisma, or similar.
Familiarity with how to assess and implement external configuration compliance standards such as CIS Benchmarks and DISA STIGs.
Understanding of security features in Container and Container Orchestration technologies (Docker, Kubernetes, etc).
Strong analytical and problem‑solving skills, with an ability to balance security needs with business impact while addressing systemic security issues through root cause analysis, building security solutions, and project leadership.
Knowledge of common security threats, such as attack‑techniques, evasive techniques, and preventative & defensive methods.
Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
Familiarity with compliance requirements for certifications like PCI DSS, SOC2, HIPAA, FedRAMP.
Preferred Qualifications
Functional in using Splunk Search Processing Language (SPL).
Excellent working experience in applying FISMA, and FedRAMP processes and policies to information systems.
Experience with scripting and automation (e.g., Python, SOAR) to automate scanning tasks, reporting, and API integrations.
Industry certifications such as CISSP, CCSP, CompTIA CySA+, Cloud Vendor security credentials.
Seniority Level Mid‑Senior level
Employment Type Full‑time
Job Function Engineering and Information Technology
Industries Software Development
Referrals increase your chances of interviewing at Cisco by 2x
#J-18808-Ljbffr