Talent.com
Technology Vulnerability Management Engineer
Technology Vulnerability Management EngineerCooley • San Francisco, CA, United States
Technology Vulnerability Management Engineer

Technology Vulnerability Management Engineer

Cooley • San Francisco, CA, United States
[job_card.variable_days_ago]
[job_preview.job_type]
  • [job_card.full_time]
[job_card.job_description]

Technology Vulnerability Management Engineer

Cooley is seeking a Technology Vulnerability Management Engineer to join the Security team.

Position Summary : Cooley Technology embraces a culture of customer service excellence, and all members of the department are expected to move this agenda forward. To that end, the Technology Vulnerability Management Engineer is expected to recognize that the Cooley Technology department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined later in this document.

The Technology Vulnerability Management Engineer will lead the full vulnerability management lifecycle across endpoints, servers, applications, containers, and cloud environments. This role owns discovery, validation, risk-based prioritization, and remediation outcomes. The engineer will administer and optimize vulnerability management platforms, automate data flows and reporting, and partner with Technology and Innovation teams to meet SLA targets and reduce enterprise risk. The position will be a balance of hands-on technical execution, program leadership, and clear communication, while staying current on emerging threats and supporting audits, compliance efforts, and incident response activities. Specific duties include, but are not limited to, the following :

Position responsibilities

  • Support the development and continuous optimization of vulnerability management services, including scanning cadence, exception handling, SLAs and alignment with security controls
  • Build and maintain standards, playbooks, and repeatable processes to improve the efficiency and maturity of the vulnerability management program
  • Administer and optimize enterprise vulnerability management platforms (e.g., Tenable / Qualys / Rapid7), ensuring accurate coverage across assets
  • Integrate asset context from CMDB, EDR, and cloud inventory to drive effective risk-based prioritization
  • Build automation for data ingestion, deduplication, ticketing, and reporting using APIs, scripting, and other tools to improve data quality and reduce false positives
  • Analyze and interpret vulnerability scan results to assess severity, validate findings, and provide actionable remediation recommendations
  • Publish dashboards and reports tailored for engineers, management, and executive leadership to communication progress and risk
  • Drive remediation efforts, including patching, configuration baselines, and compensating controls, and validate results through rescans or attestations
  • Partner with developers, DevOps, and other stakeholders to implement "shift-left" practices such as pipeline scanning, container / base-image hygiene, and Infrastructure-as-Code (IaC) hardening
  • Collaborate with cross-functional teams to implement security solutions and controls that mitigate identified vulnerabilities
  • Support audits, assessments, and regulatory compliance requirements by providing accurate documentation and evidence
  • Identify opportunities for process improvements, tool optimization, and template standardization to increase efficiency and reduce operational overhead
  • Stay current on emerging threats, vulnerabilities, and industry best practices to ensure the program remains effective and modern
  • Contribute to advanced security testing activities such as penetration testing, application reviews and targeted vulnerability assessments as needed
  • Assist with incident response activities by providing vulnerability context, supporting root cause analysis, and helping to validate containment and remediation actions
  • All other duties as assigned or required

Skills and experience :

Required :

  • After orientation at Cooley LLP, exhibit proficiency in the Microsoft 365, MECM, Intune, iManage and other firm applications
  • Ability to work extended and / or weekend hours, as required
  • 2+ years of experience in cyber security, vulnerability management, or penetration testing. Senior candidates must have 5+ years' directly applicable experience in the field
  • Strong hands-on experience conducting vulnerability scans, including configuration and use of tools such as Tenable, Qualys, Rapid7
  • Knowledge of cybersecurity frameworks, controls and standards, and best practices
  • Solid understanding of Windows / Linux, networks, web / application stacks, and at least one major cloud provider (AWS / Azure)
  • Proficiency in Python or PowerShell and REST APIs; ability to build repeatable pipelines / dashboards
  • Familiarity with CVSS, KEV, EPSS and how they align with risk frameworks
  • Extensive knowledge and experience generating and disseminating easily digestible metrics and report to system owners and leadership

    • Preferred :

  • Bachelor's Degree in Information Technology or Computer Information Systems
  • Knowledge of the Mitre ATT&CK framework and NIST Cyber Security Framework
  • Familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)
  • Experience with incident response procedures
  • Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms
  • Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams
  • Solid knowledge and understanding of security regulations and best practices such as the ISO 27000 family of standards
  • Demonstrated experience communicating technical information to business clients and less experienced technologists
  • CISSP, CISM or equivalent
  • Experience with CI / CD pipelines
  • Cloud Architecture and / or Cloud Security Certifications (AWS, Azure, GCP)
  • Cloud Security Alliance (CCSP, CCSK) (ISC)2
  • Additional security certifications

    • Competencies :

  • Exceptional customer service skills
  • Excellent analytical, problem-solving, customer service, project management and communication skills
  • Goal-oriented
  • Proven track record of excellent decision making, integrity and working with IT management, business users and business professionals
  • Excellent oral and written communication skills, including technical and user documentation
  • Strong organizational skills
  • Ability to work independently and under high pressure with tight schedules and deadlines
  • Ability to interact well with all levels of business professionals
  • Excellent active listening skills
  • Flexible and patient with process development / execution and adherence to instruct project management practices
  • Capable of grasping new concepts quickly and without prior experience
  • Detail-oriented
  • Ability to multi-task and work in fast-paced environment
  • Ability to interact and coordinate with several teams to achieve objectives
  • Ability to solve problems independently and simultaneously, effectively managing multiple tasks
  • Professional demeanor at all times

    • Cooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices. EOE.

    The expected annual pay range for this position is $110,000 - $155,000. Please note that final offer amount will be dependent on geographic location, applicable experience and skillset of the candidate. Senior level candidates may be considered for this position and would be eligible for a higher salary range based on experience.

    We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and / or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and / or adults and other parental support benefits. In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year. We provide generous parental leave and fertility benefits. New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.

    [job_alerts.create_a_job]

    Engineer Vulnerability • San Francisco, CA, United States

    [internal_linking.similar_jobs]
    Cloud Service Reliability Engineer

    Cloud Service Reliability Engineer

    Forhyre • San Francisco, CA, US
    [job_card.full_time]
    We are looking for someone that is generalist at heart, one who is curious, appreciates complexity, knows or wants to learn when to step back and when to dive deep. We call this role a Cloud Service...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Principal DevOps Engineer

    Principal DevOps Engineer

    Informatica LLC • Redwood City, CA, United States
    [job_card.full_time]
    Principal DevOps Engineer (Multi-Cloud).We are looking for a Principal DevOps Engineer to be a technical leader and the main reason for our multi-cloud operations strategy.This isn't just about mai...[show_more]
    [last_updated.last_updated_variable_hours] • [promoted] • [new]
    Geotechnical Engineer

    Geotechnical Engineer

    Certerra • Berkeley, CA, US
    [job_card.full_time]
    Certerra provides technology-enabled testing, inspection, and certification services for new product development, engineering solutions to manage assets, and quality assurance for project delivery....[show_more]
    [last_updated.last_updated_variable_days] • [promoted]
    Vulnerability Management Manager

    Vulnerability Management Manager

    VirtualVocations • Oakland, California, United States
    [job_card.full_time]
    A company is looking for a Manager for Total Vulnerability Management (TVM).Key Responsibilities Lead the identification, assessment, prioritization, and remediation of security vulnerabilities a...[show_more]
    [last_updated.last_updated_variable_days] • [promoted]
    Technology Vulnerability Management Engineer

    Technology Vulnerability Management Engineer

    Cooley LLP • San Francisco, CA, United States
    [job_card.full_time]
    Technology Vulnerability Management Engineer.Cooley is seeking a Technology Vulnerability Management Engineer to join the Security team. Cooley Technology embraces a culture of customer service exce...[show_more]
    [last_updated.last_updated_variable_hours] • [promoted] • [new]
    Renewable Energy Systems Technician

    Renewable Energy Systems Technician

    Blue Planet Energy Systems, Inc • Richmond, CA, US
    [job_card.full_time]
    As pioneers in the energy storage sector, Blue Planet Energy stands at the forefront of innovation, boasting over a decade of expertise in deploying cutting-edge lithium iron phosphate (LiFePO4) te...[show_more]
    [last_updated.last_updated_variable_days] • [promoted]
    Senior Site Reliability Engineer Cloud Platform

    Senior Site Reliability Engineer Cloud Platform

    Zilliz • Redwood City, CA, US
    [job_card.full_time]
    Zilliz is a fast-growing startup developing the industry’s leading vector database company for enterprise-grade AI.Founded by the engineers behind Milvus, the world’s most pop...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Staff Reliability EngineerReliability & Test • Berkeley, CA • Full time • On-site

    Staff Reliability EngineerReliability & Test • Berkeley, CA • Full time • On-site

    Form Energy • Berkeley, CA, United States
    [job_card.full_time]
    Are you ready to build America's energy future? Form Energy is an American manufacturing and energy technology company.We're revolutionizing energy storage with cost-effective, multi-day technology...[show_more]
    [last_updated.last_updated_variable_days] • [promoted]
    Staff Systems Engineer

    Staff Systems Engineer

    Bio-Rad Laboratories • Hercules, CA, United States
    [job_card.full_time]
    Working within Bio-Rad's Life Science R&D Group as a Systems Engineer, you will take engineering concepts, requirements and transform them into functional prototypes and finished products that impr...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Senior Remediation Engineer

    Senior Remediation Engineer

    FirstCarbon Solutions • Alameda, CA, US
    [job_card.full_time] +1
    Professional Engineer to support our growing operations.License in California with the ability to gain licensure in other states. Hybrid work with some in-office presence is preferred, but the role ...[show_more]
    [last_updated.last_updated_variable_hours] • [promoted] • [new]
    Forward Deployed Engineer, GenAI

    Forward Deployed Engineer, GenAI

    Scale AI, Inc. • San Francisco, CA, United States
    [job_card.full_time]
    At Scale AI, our mission is to accelerate the development of AI applications.For 8 years, Scale has been the leading AI data foundry, helping fuel the most exciting advancements in AI, including ge...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Forward Deployed Engineer

    Forward Deployed Engineer

    Merge API • San Francisco, CA, US
    [job_card.full_time]
    Merge is the leading provider of agentic tools and customer-facing integrations for frontier LLMs, Fortune 500 organizations, and B2B SaaS companies. Our platform offers two core products : Merge Uni...[show_more]
    [last_updated.last_updated_30] • [promoted]
    City Engineer

    City Engineer

    WBCP, Inc. • Berkeley, CA, US
    [job_card.full_time]
    The City of Berkeley, California is seeking an experienced, forward-thinking, and collaborative.This is an exceptional opportunity to guide complex capital improvement programs; advance multimodal,...[show_more]
    [last_updated.last_updated_variable_days] • [promoted]
    Senior Hardware Reliability Engineer - Design for Reliability

    Senior Hardware Reliability Engineer - Design for Reliability

    Zipline • South San Francisco, CA, US
    [job_card.full_time]
    Senior Hardware Reliability Engineer - Design for Reliability.Engineering | Hardware Reliability.Do you want to change the world? Zipline is on a mission to transform the way goods move.Our aim is ...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Senior Quality Systems Engineer # 4465

    Senior Quality Systems Engineer # 4465

    GRAIL • Menlo Park, CA, US
    [job_card.full_time]
    Our mission is to detect cancer early, when it can be cured.We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective tech...[show_more]
    [last_updated.last_updated_variable_days] • [promoted]
    Engineering @ Superpower

    Engineering @ Superpower

    Superpower • San Francisco, CA, US
    [job_card.full_time]
    As an Engineer at Superpower, you will play a critical role in architecting and delivering the foundational technology for Superpower’s digital health platform. This is a unique opportunity fo...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Senior Site Reliability Engineer

    Senior Site Reliability Engineer

    Gradle Inc. • San Francisco, CA, US
    [job_card.full_time]
    Develocity is a first-of-its-kind toolchain observability and acceleration platform that helps software teams adopt and improve DORA capabilities (including continuous delivery) in order to achieve...[show_more]
    [last_updated.last_updated_30] • [promoted]
    Senior Site Reliability Engineer

    Senior Site Reliability Engineer

    CaptivateIQ • Menlo Park, CA, US
    [job_card.full_time]
    CaptivateIQ is transforming the way companies plan, manage, and optimize sales performance.We started by revolutionizing incentive compensation management, and now we're expanding our platform ...[show_more]
    [last_updated.last_updated_variable_days] • [promoted]