Career Opportunities

Vulnerability Management Engineer

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of GRC (governance, risk, and compliance) services that support frameworks across SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP.  We empower companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

Get to know the Vulnerability Management Team 

Our Vulnerability Management team does not stop at the report. We identify, prioritize, and fix vulnerabilities hands-on across client environments, including direct patch deployment into AWS, Azure, and GCP where the vulnerabilities actually live. We work closely with client IT, DevOps, and security teams to move findings from open to closed as efficiently as possible, using risk-based prioritization to make sure the right things get fixed first. Ownership and follow-through define how we operate: a scan result without a remediated finding is an unfinished job. If you want to be the person who closes the loop rather than hands it off, this is your team.

The Opportunity

We are seeking a consultative and hands-on Vulnerability Management (VM) Engineer to join our elite Delivery team. At Workstreet, our work doesn't stop at handing over a scan report—ownership and complete follow-through define how we operate. You will serve as the primary security advisor for an assigned portfolio of fast-growth startups, helping them identify, prioritize, and fix risks.

In this role, you will seamlessly combine scanning infrastructure management with high-touch client advisory. Using tools like Vanta, Tenable, and risk prioritization models (CVSS/EPSS), you will surface critical vulnerabilities. Instead of just passing off the findings, you will work directly with client IT and DevOps teams to deploy patches right where the vulnerabilities live in AWS, Azure, and GCP. If you want to be the person who closes the loop from scan to fix rather than just passing the buck, this is your team.

What You'll Do

  • Orchestrate Vulnerability Scanning Infrastructure: Configure, schedule, and maintain authenticated credentials, scan policies, and asset groups across client networks and cloud-native environments using enterprise platforms (Tenable/Nessus, Qualys, Rapid7 InsightVM, and Vanta).
  • Execute Threat Analysis and Risk Prioritization: Evaluate raw scan outputs and filter false positives; apply advanced risk-based prioritization data utilizing CVSS base scores, EPSS real-time exploit indices, global threat intelligence feeds, and critical client asset contexts.
  • Drive Collaborative Remediation and Governance: Translate technical vulnerabilities into clear, actionable architectural guidance and patch-management workflows; partner directly inside the trenches with client software engineers and IT teams to multi-thread remediation efforts and accelerate their sub-30-day time-to-remediate velocity.
  • Manage Exceptions and Audit Compliance: Document, verify, and track formal client requests for temporary vulnerability exceptions or long-term risk acceptances; map operational patching data directly to control evidence required for regulatory audits (SOC 2, ISO 27001, HIPAA, CMMC, and NIST).
  • Own the Advisory Client Experience: Act as the strategic primary point of contact and trusted security advisor for an assigned portfolio of fast-growth startups; deliver regular project milestones, handle high-priority technical escalations with calm professionalism, and generate regular status reports and executive summaries that communicate technical risk as clear business value.

What will help you succeed

  • Hands-on configuration and operational experience with one or more vulnerability management scanning platforms (Tenable/Nessus, Qualys, Rapid7 InsightVM, or Vanta).
  • A deep, accurate understanding of vulnerability scoring systems (CVSS, EPSS indices) and data-driven, risk-based prioritization methodologies.
  • The explicit ability to interpret raw scan outputs, filter out false positives, and seamlessly translate complex technical findings into business-relevant risk language for corporate stakeholders.
  • Foundational familiarity with common vulnerability classes, cloud container exposures, configuration defects, and exploit vectors across cloud, OS, application, and network infrastructure layers.
  • Working knowledge of standard information security compliance frameworks (such as SOC 2, ISO 27001, HIPAA, or CMMC) and how automated infrastructure scanning maps to regulatory audit evidence.
  • A highly consultative, client-centric approach to engineering delivery; utilizing technical documentation, professional written summaries, and clear milestone mapping to manage multiple client engagements simultaneously and interact directly with US-based tech founders.

Nice to Have

  • Experience with patch management workflows and coordination with IT and engineering teams.
  • Relevant certifications (e.g., CompTIA Security+, CEH, Tenable Certified Security Associate, or GIAC GEVA).
  • Familiarity with cloud environments (AWS, GCP, Azure) and cloud-native vulnerability surfaces.
  • Understanding of the CVE lifecycle, NVD, and threat intelligence feeds.
  • Prior experience in a managed security services or consulting environment.

What We Offer

  • Career Development: Clear path with mentorship and training opportunities
  • Technical Training: Comprehensive onboarding on security and compliance frameworks
  • Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
  • Growth Opportunity: Early-stage company with significant room for career advancement.
  • Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

What You'll Need to Thrive

  • Excellent written and verbal English communication skills, with the ability to engage confidently with candidates, hiring managers, and business leaders across global teams.
  • A reliable, high-speed internet connection and a professional home office environment that supports confidential conversations, virtual interviews, and uninterrupted collaboration.
  • Commitment to working a standard schedule of 8:00 AM–5:00 PM US Eastern Time (ET) to effectively support hiring managers, candidates, and cross-functional teams. Occasional flexibility to adjust working hours is expected to accommodate changing business priorities, global collaboration, and time-sensitive hiring needs
  • Willingness and ability to travel locally for occasional onsite meetings, team gatherings, or business activities as needed.

Hiring and Selection Process

  • Candidates must participate in live video interviews throughout the hiring process with the camera on (non-negotiable) and be prepared to verify their identity during recruitment and onboarding.
  • Employment is contingent upon successful completion of identity verification and background screening, where permitted by law.
  • Selected candidates will participate in structured interviews with hiring managers and cross-functional stakeholders to assess role fit, experience, and alignment with Workstreet’s operating principles.
  • Candidates will receive prompt updates and consistent communication throughout the interview process, ensuring a transparent, smooth, and engaging experience at every step.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.  Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws.

Delivery

Philippines

Compartir en:

Condiciones del servicioPrivacidadCookiesDesarrollado por Rippling