REQUIRED EXPERIENCE:
Vulnerability Management Platforms: Deep hands-on experience managing and optimizing enterprise tools (e.g., Qualys, Wiz, Nessus, Rapid7), including platform configuration, performance tuning, and data quality management.
Tooling Integration & Engineering: Experience designing and implementing integrations between vulnerability platforms and enterprise systems (e.g., ServiceNow CMDB, SecOps, SIEM) to support automated workflows and governance processes.
Automation & Scripting: Strong proficiency in automation and orchestration using scripting languages (e.g., Python, PowerShell) to streamline scanning, reporting, and remediation processes.
Configuration Assurance & Secure Baselines: Advanced understanding of operating systems, secure configuration baselines, and continuous compliance validation across enterprise infrastructure.
Data Analytics & Reporting: Ability to develop and maintain dashboards and metrics that provide insight into vulnerability trends, remediation performance, and risk posture for both technical and executive audiences.
Cloud & Infrastructure Security: Experience securing modern environments, including cloud platforms (AWS, Azure, GCP) and hybrid infrastructures, with a focus on vulnerability and configuration risk management.
Troubleshooting & Platform Optimization: Strong ability to identify tool defects, perform root cause analysis, and work with vendors to resolve issues and improve platform effectiveness.
Core Strengths
Subject Matter Expertise: Acts as a technical authority in vulnerability management and configuration assurance, providing guidance, mentorship, and strategic direction.
Engineering Mindset & Problem Solving: Ability to design scalable solutions, troubleshoot complex issues, and continuously improve tooling and processes to enhance security outcomes.
Risk Translation & Executive Communication: Skilled in translating complex technical risks into clear, concise insights that support leadership decision-making and risk prioritization.
Operational Excellence & Process Optimization: Focused on improving operational efficiency through automation, standardization, and continuous process improvement initiatives.
Data Integrity & Accountability: Ensures high standards of data accuracy, completeness, and reliability across vulnerability and configuration platforms.
Collaboration & Influence: Strong ability to partner with infrastructure, cloud, architecture, and application teams to drive remediation, enforce standards, and improve overall security posture
JOB TITLE: VMCA Engineer
JOB LOCATION: Hybrid Springfield, Boston or NY
WAGE RANGE*: 58 - 62/ hour W2
JOB NUMBER:37329823
JOB DESCRIPTION
The Vulnerability Management and Configuration Assurance (VMCA) Engineer plays a critical role in strengthening the organization's security posture by designing, implementing, and optimizing enterprise vulnerability management and configuration assurance capabilities. This role is responsible for driving end-to-end ownership of tooling, integrations, and processes that enable comprehensive visibility into vulnerabilities and configuration risks across on-premises, cloud, and hybrid environments.
The engineer ensures that vulnerability and configuration data is accurate, complete, and actionable, enabling risk-based prioritization and effective remediation across the enterprise. This includes oversight of vulnerability management platforms, troubleshooting tool issues, and collaborating with cross-functional teams to enhance detection, reporting, and response capabilities.
In addition, the VMCA Engineer develops and maintains scalable dashboards, metrics, and executive reporting to provide transparency into risk posture, remediation progress, and control effectiveness. The role is instrumental in driving automation, process improvement, and governance alignment, ensuring compliance with regulatory frameworks such as NIST, CIS, ISO, and NY Client.
As a senior technical resource, the engineer provides subject matter expertise, mentoring, and strategic guidance, translating complex technical risks into clear, actionable insights for both technical teams and executive leadership.
Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.