Vulnerability Management Engineer

Role SummaryThe Vulnerability Management Administrator is responsible for end-to-end execution, administration, and engineering of the enterprise vulnerability management program. This includes vulnerability scanning, assessment, prioritization, remediation coordination, governance, and integration using tools such as Rapid7 InsightVM, CrowdStrike Spotlight, Qualys, Tenable Nessus, Defender TVM, Tanium, and other supporting platforms.Experience Range: 7 to 12 yearsJob Location: Hyderabad onlyKey Responsibilities - Monitor & Administer Rapid7 InsightVM, CrowdStrike Spotlight dashboards and daily scan status. - Perform and Validate scan results, failures, authentication issues, and asset discovery errors. - Execute scheduled and on-demand scans across servers, endpoints, cloud, and network. - Identify new assets and ensure proper tagging and inclusion in scanning scope. - Perform authenticated scans using approved credentials. - Identify high/critical vulnerabilities and assign remediation tickets. - Maintain daily/weekly operational vulnerability summary reports. - Administer Rapid7 InsightVM: scan engines, sites, templates, asset groups. - Configure authenticated scans and troubleshoot credential failures. - Manage CrowdStrike Spotlight asset visibility and vulnerability correlation. - Tune scan templates to reduce latency and false positives. - Analyze vulnerabilities based on CVSS, EPSS, RealRisk, KEV, exploit intelligence. - Validate false positives with application/infra teams and re-scan for verification. - Prioritize vulnerabilities using exploit-based and business-risk-based approaches. - Coordinate remediation with IT, cloud, network, and application owners. - Track remediation SLAs and manage vulnerability exception workflows. - Integrate VM tools with SIEM (Splunk, QRadar, Chronicle) for event correlation. - Create vulnerability dashboards and reporting for leadership. - Configure cloud connectors for AWS, Azure, GCP and validate scan coverage. - Manage VM configurations in secondary tools: Qualys policies, Nessus repositories, Tanium modules, Defender TVM exposure dashboards. - Architect enterprise-level vulnerability management strategy across hybrid/multi-cloud. - Lead onboarding of global environments, network segments, cloud workloads, OT/IoT. - Develop automation using Python/PowerShell for scan scheduling, data extraction, ticket creation, and exception workflows. - Implement CI/CD pipeline vulnerability scanning for DevSecOps environments. - Correlate vulnerabilities with threat intelligence, exploit kits, malware campaigns. - Manage enterprise governance: remediation SLAs, exception policies, escalation matrix. - Conduct periodic vulnerability posture reviews and risk reduction roadmaps. - Maintain compliance alignment: ISO 27001, PCI-DSS, NIST CSF, CIS benchmarks. - Lead cross-tool migrations and unified vulnerability reporting architecture. - Mentor L1/L2 teams, build SOPs, knowledge bases, and operational playbooks. - Manage integration of VM tools with CMDB, patching systems (SCCM/Intune/Tanium), EDR tools, and cloud native scanners.Skill RequirementsMandatory: - Strong hands-on experience with Rapid7 InsightVM / Nexpose. - Experience with CrowdStrike Spotlight vulnerability module. - Understanding of vulnerability scoring (CVSS v3.1, EPSS, KEV). - Knowledge of OS/network/cloud security hardening. - Familiarity with patching processes, SCCM, Intune, and CI/CD.Preferred: - Experience with Qualys VMDR, Tenable Nessus, Defender TVM, Tanium Comply. - Strong scripting experience (Python, PowerShell). - Experience with SIEM tools (Splunk, QRadar, Chronicle). - Experience with SOAR automation and API integrations.