Senior Security Vulnerability Management Engineer

Immigration sponsorship is not available for this position What you can expect The Security Vulnerability Management Engineer will work closely with Information Security Engineers and cross-functional IT teams to ensure appropriate security controls are in place and that security policies are effectively implemented across the organization. This role is responsible for operating and maturing the vulnerability management program, leading stakeholder engagements, and providing regular updates to leadership on scanning results, risk posture, and remediation efforts. About the Team You will be part of a high-performing, experienced team responsible for maintaining FedRAMP and IL4 compliance for Zoom for Government and Zoom for Defense - our offerings to the U.S. Government. In this role, you will actively scan, monitor, manage, and report on vulnerabilities (CVEs), contribute to monthly POA&M reporting, and analyze and recommend remediation strategies. Your work will directly support maintaining the authorizations required to deliver secure services to U.S. Government customers. Responsibilities Conducting vulnerability scans across systems, networks, endpoints, and applications. Validating, prioritizing, and driving remediation of identified vulnerabilities Partnering with engineering and IT teams to track and improve patching cadence. Owning vulnerability reporting, including tracking remediation status and risk exposure. Maintaining and optimize vulnerability scanning tools and schedules. Integrating vulnerability management tools with SIEM platforms. Developing dashboards and metrics to provide visibility into security posture for leadership. Creating and improving tools, documentation, processes, and techniques to support vulnerability remediation. Leading and coordinating stakeholder meetings to review findings and remediation plans. What we’re looking for Hold a B.S. or M.S. in Computer Science, Information Security, Engineering or related fields. Have experience working with CI/CD pipelines, containerized environments, and building, testing, and deployment in an IL4 environment. Demonstrate understanding of FedRAMP CVE guidelines, remediation timelines, and vulnerability frameworks such as CVE and CVSS. Bring 5+ years of experience in Information Security, including 4+ years in Vulnerability Management, and 5+ years in DevOps. Able to perform vulnerability scanning using tools such as Tenable Nessus, Prisma Cloud, Burp Suite, and similar platforms (e.g., Qualys, Tenable). Demonstrate proficiency in scripting (Python, Bash, PowerShell, or similar) to automate remediation and reporting tasks. Able to apply experience in Infrastructure Security, including OS hardening, and good knowledge of network technologies and protocols. Utilize experience in application, network, and system security, including intrusion analysis, malware, antivirus, host-based and network forensics, and tools such as JIRA, Confluence, and ServiceNow. Salary Range or On Target Earnings: Minimum: $124 000,00 Maximum: $271 200,00 In addition to the base salary and/or OTE listed Zoom has a Total Direct Compensation philosophy that takes into consideration; base salary, bonus and equity value. Note: Starting pay will be based on a number of factors and commensurate with qualifications & experience. We also have a location based compensation structure; there may be a different range for candidates in this and other locations At Zoom, we offer a window of at least 5 days for you to apply because we believe in giving you every opportunity. Below is the potential closing date, just in case you want to mark it on your calendar. We look forward to receiving your application! Anticipated Position Close Date: 03/27/26 Ways of Working Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting. Benefits As part of our award-winning wor ... (truncated, view full listing at source)