Our client seeks 3 different resources for a 8 months+ Hybrid in either Springfield (ideal)/NYC (second choice) or Boston (least preferred). MUST be able to work on our W2. NO AGENCIES.
First role: Vulnerability Management and Configuration Assurance (VMCA) Engineer
The Vulnerability Management and Configuration Assurance (VMCA) Engineer plays a critical role in strengthening the organization's security posture by designing, implementing, and optimizing enterprise vulnerability management and configuration assurance capabilities. This role is responsible for driving end-to-end ownership of tooling, integrations, and processes that enable comprehensive visibility into vulnerabilities and configuration risks across on-premises, cloud, and hybrid environments.
The engineer ensures that vulnerability and configuration data is accurate, complete, and actionable, enabling risk-based prioritization and effective remediation across the enterprise. This includes oversight of vulnerability management platforms, troubleshooting tool issues, and collaborating with cross-functional teams to enhance detection, reporting, and response capabilities.
In addition, the VMCA Engineer develops and maintains scalable dashboards, metrics, and executive reporting to provide transparency into risk posture, remediation progress, and control effectiveness. The role is instrumental in driving automation, process improvement, and governance alignment, ensuring compliance with regulatory frameworks such as NIST, CIS, ISO, and NY DFS.
As a senior technical resource, the engineer provides subject matter expertise, mentoring, and strategic guidance, translating complex technical risks into clear, actionable insights for both technical teams and executive leadership.
Skills:
Vulnerability Management Platforms: Deep hands-on experience managing and optimizing enterprise tools (e.g., Qualys, Wiz, Nessus, Rapid7), including platform configuration, performance tuning, and data quality management.
Tooling Integration & Engineering: Experience designing and implementing integrations between vulnerability platforms and enterprise systems (e.g., ServiceNow CMDB, SecOps, SIEM) to support automated workflows and governance processes.
Automation & Scripting: Strong proficiency in automation and orchestration using scripting languages (e.g., Python, PowerShell) to streamline scanning, reporting, and remediation processes.
Configuration Assurance & Secure Baselines: Advanced understanding of operating systems, secure configuration baselines, and continuous compliance validation across enterprise infrastructure.
Second Role: Cyber Data Analytics & Reporting: Ability to develop and maintain dashboards and metrics that provide insight into vulnerability trends, remediation performance, and risk posture for both technical and executive audiences.
Cloud & Infrastructure Security: Experience securing modern environments, including cloud platforms (AWS, Azure, GCP) and hybrid infrastructures, with a focus on vulnerability and configuration risk management.
Troubleshooting & Platform Optimization: Strong ability to identify tool defects, perform root cause analysis, and work with vendors to resolve issues and improve platform effectiveness.
Core Strengths
Subject Matter Expertise: Acts as a technical authority in vulnerability management and configuration assurance, providing guidance, mentorship, and strategic direction.
Engineering Mindset & Problem Solving: Ability to design scalable solutions, troubleshoot complex issues, and continuously improve tooling and processes to enhance security outcomes.
Third role: Cyber Risk Translation & Executive Communication/Governance: Skilled in translating complex technical risks into clear, concise insights that support leadership decision-making and risk prioritization.
Operational Excellence & Process Optimization: Focused on improving operational efficiency through automation, standardization, and continuous process improvement initiatives.
Data Integrity & Accountability: Ensures high standards of data accuracy, completeness, and reliability across vulnerability and configuration platforms.
Collaboration & Influence: Strong ability to partner with infrastructure, cloud, architecture, and application teams to drive remediation, enforce standards, and improve overall security posture
VULNERABILITY MANAGEMENT
CONFIGURATION ASSURANCE
QUALYS
WIZ
NESSUS