Vulnerability Management Engineer
Back to Jobs
WorkstreetGet Smart Job AI Coach in the appFree on iOS and Android 






Vulnerability Management Engineer
Location
India
Experience
Mid
Posted
Jul 7, 2026
Apply by
August 6, 2026
Applicants
0
Early applicantFull-timeWork from Home
Job Description
**About Workstreet**
At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of GRC (governance, risk, and compliance) services that support frameworks across SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP. We empower companies to meet regulatory requirements and enhance their cybersecurity posture from day one.
## **Get to know the Security Services Team** ****
Our Cloud Security Engineering team is where compliance meets cloud operations. We work directly with clients' engineering and security contacts to monitor and remediate failing cloud security tests in GRC platforms like Vanta, keeping AWS, Azure, and GCP environments continuously compliant without slowing down the teams that build in them. Clarity and precision are non-negotiable: a failing test needs a closed finding, not a pending conversation. We turn compliance gaps into resolved configurations, and we do it at the pace the client's environment demands. If you want to be the person who bridges the gap between a compliance dashboard and a cloud console, you're in good company.
**The Opportunity**
We are seeking a consultative and hands-on Vulnerability Management (VM) Engineer to join our elite Delivery team. At Workstreet, our work doesn't stop at handing over a scan report—ownership and complete follow-through define how we operate. You will serve as the primary security advisor for an assigned portfolio of fast-growth startups, helping them identify, prioritize, and fix risks.
In this role, you will seamlessly combine scanning infrastructure management with high-touch client advisory. Using tools like Vanta, Tenable, and risk prioritization models (CVSS/EPSS), you will surface critical vulnerabilities. Instead of just passing off the findings, you will work directly with client IT and DevOps teams to deploy patches right where the vulnerabilities live in AWS, Azure, and GCP. If you want to be the person who closes the loop from scan to fix rather than just passing the buck, this is your team.
**What You'll Do**
- **Orchestrate Vulnerability Scanning Infrastructure:** Configure, schedule, and maintain authenticated credentials, scan policies, and asset groups across client networks and cloud-native environments using enterprise platforms (Tenable/Nessus, Qualys, Rapid7 InsightVM, and Vanta).
- **Execute Threat Analysis and Risk Prioritization:** Evaluate raw scan outputs and filter false positives; apply advanced risk-based prioritization data utilizing CVSS base scores, EPSS real-time exploit indices, global threat intelligence feeds, and critical client asset contexts.
- **Drive Collaborative Remediation and Governance:** Translate technical vulnerabilities into clear, actionable architectural guidance and patch-management workflows; partner directly inside the trenches with client software engineers and IT teams to multi-thread remediation efforts and accelerate their sub-30-day time-to-remediate velocity.
- **Manage Exceptions and Audit Compliance:** Document, verify, and track formal client requests for temporary vulnerability exceptions or long-term risk acceptances; map operational patching data directly to control evidence required for regulatory audits (SOC 2, ISO 27001, HIPAA, CMMC, and NIST).
- **Own the Advisory Client Experience:** Act as the strategic primary point of contact and trusted security advisor for an assigned portfolio of fast-growth startups; deliver regular project milestones, handle high-priority technical escalations with calm professionalism, and generate regular status reports and executive summaries that communicate technical risk as clear business value.
**What will help you succeed**
- Hands-on configuration and operational experience with one or more vulnerability management scanning platforms (Tenable/Nessus, Qualys, Rapid7 InsightVM, or Vanta).
- A deep, accurate understanding of vulnerability scoring systems (CVSS, EPSS indices) and data-driven, risk-based prioritization methodologies.
- The explicit ability to interpret raw scan outputs, filter out false positives, and seamlessly translate complex technical findings into business-relevant risk language for corporate stakeholders.
- Foundational familiarity with common vulnerability classes, cloud container exposures, configuration defects, and exploit vectors across cloud, OS, application, and network infrastructure layers.
- Working knowledge of standard information security compliance frameworks (such as SOC 2, ISO 27001, HIPAA, or CMMC) and how automated infrastructure scanning maps to regulatory audit evidence.
- A highly consultative, client-centric approach to engineering delivery; utilizing technical documentation, professional written summaries, and clear milestone mapping to manage multiple client engagements simultaneously and interact directly with US-based tech founders.
**Nice to Have**
- Experience with patch management workflows and coordination with IT and engineering teams.
- Relevant certifications (e.g., CompTIA Security+, CEH, Tenable Certified Security Associate, or GIAC GEVA).
- Familiarity with cloud environments (AWS, GCP, Azure) and cloud-native vulnerability surfaces.
- Understanding of the CVE lifecycle, NVD, and threat intelligence feeds.
- Prior experience in a managed security services or consulting environment.
**What We Offer**
- **Career Development:** Clear path with mentorship and training opportunities
- **Technical Training:** Comprehensive onboarding on security and compliance frameworks
- **Competitive Compensation:** A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
- **Growth Opportunity:** Early-stage company with significant room for career advancement.
- **Remote-First Culture:** Flexibility to work from anywhere while collaborating with a global team.
## **What You'll Need to Thrive**
- Excellent written and verbal English communication skills, with the ability to engage confidently with candidates, hiring managers, and business leaders across global teams.
- A reliable, high-speed internet connection and a professional home office environment that supports confidential conversations, virtual interviews, and uninterrupted collaboration.
- Commitment to working a standard schedule of 8:00 AM–5:00 PM US Eastern Time (ET) to effectively support hiring managers, candidates, and cross-functional teams. Occasional flexibility to adjust working hours is expected to accommodate changing business priorities, global collaboration, and time-sensitive hiring needs
- Willingness and ability to travel locally for occasional onsite meetings, team gatherings, or business activities as needed.
## **Hiring and Selection Process**
- Candidates must participate in live video interviews throughout the hiring process with the camera on (non-negotiable) and be prepared to verify their identity during recruitment and onboarding.
- Employment is contingent upon successful completion of identity verification and background screening, where permitted by law.
- Selected candidates will participate in structured interviews with hiring managers and cross-functional stakeholders to assess role fit, experience, and alignment with Workstreet’s operating principles.
- Candidates will receive prompt updates and consistent communication throughout the interview process, ensuring a transparent, smooth, and engaging experience at every step.
**Workstreet Is An Equal Opportunity Employer**
As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws.
Key Responsibilities
- Configure, schedule, and maintain vulnerability scanning infrastructure across client networks and cloud environments.
- Evaluate raw scan outputs and apply risk-based prioritization using CVSS and EPSS indices.
- Partner with client IT and DevOps teams to deploy patches and accelerate remediation efforts.
- Document and track vulnerability exceptions and map patching data to regulatory audit evidence.
- Serve as the primary security advisor for a portfolio of startups, delivering status reports and handling escalations.
Skills Required
Vulnerability ManagementTenableNessusQualysRapid7 InsightVMVantaCVSSEPSSCloud SecurityAWSAzureGCPSOC 2ISO 27001HIPAACMMCNISTCommunicationClient AdvisoryProblem SolvingAttention to DetailCollaborationPatch management workflowsCVE lifecycleNVDThreat intelligence feeds
Benefits
- Career development with mentorship and training
- Competitive compensation with performance reviews
- Bonus opportunities
- Remote-first culture
- Flexible working hours
App exclusive · Free
Smart Job AI Coach
Your personal interview coach on every job — readiness tips, profile improvements, and role-specific prep. Available only in the Pulse Job app.
Interview readiness
See how prepared you are and what to improve for each role.
Personalized tips
Actionable suggestions based on your profile and the job.
After you apply
Keep coaching momentum from job detail through application success.
Similar roles for you
Matched using this role's title and skills. Open the job search anytime to see every listing.

Sr. Security Controls & Compliance Engineer (Contract)
UP.Labs
ContractWork from Home
RemoteSenior

Information Security Engineer - Vulnerability Management
Starling
Full-timeEasy applyHybrid
SouthamptonMid

Information Security Engineer - Vulnerability Management
Starling
Full-timeEasy applyHybrid
LondonMid

Senior Security Engineer
Weekday AI
25,00,000–50,00,000 / Year
Full-timeEasy applyWork from Office
BengaluruSenior

AppSec Engineer
CoinsPaid
Full-timeEasy applyWork from Home
Remote - European RegionMid

Senior DevOps Engineer
Dark Wolf Solutions
140,000–200,000 / Year
Full-timeEasy applyWork from Office
OmahaSenior