1

Vulnerability Engineer Jobs (NOW HIRING)

Senior Vulnerability Engineer W2 Hiring

Phoenix, AZ · On-site

$103K - $142K/yr

Senior Vulnerability Engineer Location: Phoenix, AZ; Columbus, OH; Dallas, TX Job Type: Contract Interview: Phone/Skype The Senior Vulnerability Engineer is a hands-on role responsible for driving ...

Vulnerability Engineering Lead

Alexandria, VA · Hybrid

$109K - $144K/yr

RiVidium is seeking a Vulnerability Engineering Lead to support our planned MODES III team supporting Military Community and Family Policy (MC&FP). This role supports IT, Cybersecurity, and Data ...

Vulnerability Engineering Lead

Alexandria, VA · On-site

$109K - $144K/yr

Full-Time/Part-Time Full-Time Description RiVidium is seeking a Vulnerability Engineering Lead to support our planned MODES III team supporting Military Community and Family Policy (MC&FP). This role ...

next page

Showing results 1-20

Vulnerability Engineer information

See salary details

$39K

$101.8K

$137.5K

How much do vulnerability engineer jobs pay per year?

As of Jul 14, 2026, the average yearly pay for vulnerability engineer in the United States is $101,752.00, according to ZipRecruiter salary data. Most workers in this role earn between $84,000.00 and $116,500.00 per year, depending on experience, location, and employer.

What are some common challenges faced by Vulnerability Engineers when coordinating with development teams to remediate identified vulnerabilities?

One of the primary challenges Vulnerability Engineers encounter is ensuring that development teams prioritize and address vulnerabilities promptly, especially when they have competing project deadlines. Effective communication is essential to explain the risk and potential business impact of each vulnerability in terms that are understandable to non-security professionals. Additionally, aligning remediation efforts with ongoing development cycles and managing false positives can require careful negotiation and collaboration. Building strong relationships and fostering a security-first culture within the organization can significantly ease these challenges.

What is the difference between Vulnerability Engineer vs Security Analyst?

AspectVulnerability EngineerSecurity Analyst
CertificationsOSCP, CISSP, CEHCISSP, Security+
Work EnvironmentFocus on identifying and fixing vulnerabilities in systems and applicationsMonitor security alerts, analyze threats, and respond to incidents
Employer & Industry UsageTech companies, cybersecurity firms, large enterprisesCorporate security teams, government agencies, financial institutions

While both roles focus on cybersecurity, Vulnerability Engineers primarily identify and remediate system vulnerabilities, whereas Security Analysts monitor and respond to security threats. Vulnerability Engineers are more technical and hands-on with system testing, while Security Analysts focus on threat detection and incident response. Both roles are essential for a comprehensive security strategy.

What is a Vulnerability Engineer?

A Vulnerability Engineer is a cybersecurity professional responsible for identifying, assessing, and mitigating security vulnerabilities within an organization's systems, networks, and applications. They use specialized tools to scan for weaknesses, analyze security data, and work with other IT teams to remediate risks. Their goal is to protect sensitive data and ensure compliance with industry regulations by proactively addressing potential security threats.

What are the key skills and qualifications needed to thrive as a Vulnerability Engineer, and why are they important?

To thrive as a Vulnerability Engineer, you need a strong understanding of cybersecurity principles, vulnerability assessment methodologies, and a background in IT or computer science. Familiarity with tools such as Nessus, Qualys, Burp Suite, and relevant certifications like OSCP or CompTIA Security+ are commonly expected. Analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying risks and collaborating with teams. These skills and qualifications are vital to proactively detect, assess, and mitigate security vulnerabilities, protecting organizational assets from cyber threats.
More about Vulnerability Engineer jobs
What states have the most Vulnerability Engineer jobs? States with the most job openings for Vulnerability Engineer jobs include:
Senior Vulnerability Engineer W2 Hiring

Senior Vulnerability Engineer W2 Hiring

PDDN INC.

Phoenix, AZ • On-site

$103K - $142K/yr

Contractor

Re-posted 20 days ago


Job description

Job Description

Role: Senior Vulnerability Engineer
Location: Phoenix, AZ; Columbus, OH; Dallas, TX
Job Type: Contract 
Interview: Phone/Skype
Job Description:
The Senior Vulnerability Engineer is a hands-on role responsible for driving timely, high-quality remediation of security vulnerabilities and configuration gaps across enterprise environments. This position owns the remediation execution cadence-from tool-generated findings through validation, assignment, evidence collection, risk acceptance coordination, and closure-and is expected to operate effectively in a fast-paced, operational setting with minimal ramp-up time. The role requires clear communication, disciplined expectation setting with IT teams, early identification of blockers, and delivery of decision-ready status and risk reporting to stakeholders and leadership.
Demonstrate advanced proficiency with the ServiceNow Vulnerability Response (VR) module to manage end-to-end vulnerability workflows, including triage, assignment, SLA tracking, exception and risk acceptance processing, remediation evidence captures, and closure.
Lead a high-tempo remediation cadence (weekly or biweekly) with IT teams; set clear expectations, drive action-item closure, and escalate impediments as required.
Execute hands-on remediation activities to achieve SLA targets, including patching, configuration changes, implementation of compensating controls, and post-remediation validation; proactively manage at-risk items using documented recovery plans.
Apply advanced ServiceNow Vulnerability Response (VR) capabilities, including vulnerability group and item management, routing and assignment, SLA and aging oversight, exception and risk acceptance handling, and closure workflows; utilize Rapid7 and Wiz as primary sources of findings.
Partners with patching and IT teams to execute remediation plans, validate remediation effectiveness, and maintain accurate, auditable closure evidence.
Provide concise, executive-ready reporting (Power BI and ServiceNow) on SLA performance, aging, risk trends, and decisions required for operational reviews and leadership updates.

What you will need:
Bachelor's degree or equivalent practical experience.
Seven (7) or more years of experience in vulnerability remediation, patch and configuration management, and operational security engineering in fast-paced environments.
Strong troubleshooting and hands-on remediation skills, including patching, configuration changes, validation and verification, and evidence collection.
Demonstrated high skill in ServiceNow Vulnerability Response (VR), including vulnerability groups and items, routing and assignment, SLA and aging management, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
Clear, concise communicator (written and verbal) with demonstrated ability to set expectations, influence without authority, and coordinate across multiple IT teams in a matrixed environment.
Experience with vulnerability scanning and exposure management tools (e.g., Rapid7, Wiz) and reporting/analytics (e.g., Power BI); ability to translate data into action.
Demonstrated ability to operate as a self-starter with minimal oversight, manage multiple workstreams, set expectations, and drive remediation to closure.
Experience in the financial services industry with proven regulatory and compliance discipline.
Strong analytical skills with the ability to translate vulnerability data into remediation plans, operational metrics, and risk-based communication.

Key Responsibilities:
What you will do:
Drive remediation of tool-identified vulnerabilities by validating applicability and asset context, determining the appropriate remediation approach (patch, configuration change, compensating control), coordinating execution with IT teams, and verifying closure.
Serve as a ServiceNow Vulnerability Response (VR) subject matter expert, including vulnerability group and item management, routing and assignment, SLA and aging tracking, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
Conduct monthly KPI/KRI and SLA health reviews; communicate risk and progress clearly, set expectations, and drive timely decisions with leadership and stakeholder teams.
Develop and drive remediation action plans (owners, milestones, and escalation paths) for critical and high-severity vulnerabilities; maintain momentum and accountability in a fast-paced environment.
Build and maintain actionable dashboards and reporting (Power BI and ServiceNow VR) that communicate remediation health, SLA risk, vulnerability aging, and trend insights.
Facilitate exception and risk acceptance requests by ensuring documentation quality, appropriate approvals, defined expiration dates, and end-to-end tracking of compensating controls.
Provide routine (daily/weekly) stakeholder updates that clearly communicate status, next steps, owners, and estimated timelines; escalate when expectations or SLAs are at risk.
Document and continuously improve standard operating procedures (SOPs) and coach junior team members on remediation workflows and ServiceNow VR best practices.

What are the Mandatory skills and skill proficiencies required for this position?
experience in vulnerability remediation, patch and configuration management
Strong troubleshooting and hands-on remediation skills
ServiceNow Vulnerability Response
vulnerability scanning and exposure management tools 

Additional Information

All your information will be kept confidential according to EEO guidelines.