Job Description

This role supports a leading global law firm known for advising many of the world's most sophisticated financial institutions, asset managers, and multinational corporations on complex, high-stakes matters. Consistently recognized among the elite in the legal industry, the firm operates across major financial centers worldwide, offering a truly international platform and exposure to cutting-edge legal and regulatory work.

The role is hybrid remote with 3 days onsite. Wednesday is a must for a team day, and you can pick the other two days. This resource will join a team of 2 and will scan for and review vulnerabilities, validate them by reaching out to the appropriate System Owners/Teams who work on the patching, and follow the remediation path through with active follow-up.

The Senior Information Security Engineer, Vulnerability Management is responsible for leading the identification, assessment, and mitigation of security vulnerabilities across enterprise systems and applications. This role plays a critical part in proactively managing cyber risks by discovering and addressing weaknesses before they can be exploited. The senior engineer will perform regular scanning and remediation of global networks and assess systems for vulnerabilities and misconfigurations, including cloud-based and on-premises assets. They will collaborate with IT teams and business process owners to ensure timely remediation of identified issues and drive continuous improvement of the organization's security posture.

The ideal candidate is highly skilled in vulnerability management tools and methodologies, combined with a strong understanding of enterprise IT environments, including cloud infrastructure, networking, and applications. This role requires strong analytical skills, the ability to interpret scan results, prioritize remediation efforts, and work cross-functionally to reduce risk.
The candidate must be able to communicate effectively with technical and non-technical stakeholders and remain detail-oriented while adapting to new threats, technologies, and compliance requirements.

Essential Job Duties & Responsibilities

- Lead enterprise vulnerability management activities including asset discovery, vulnerability scanning, configuration assessments, and prioritization.
- Deliver continuous vulnerability identification and remediation across attack surfaces, vulnerabilities, and security-related misconfigurations throughout on-prem and cloud-based environments.
- Collaborate with business owners and IT teams to identify and remediate vulnerabilities across servers, infrastructure, networks, and applications.
- Manage vulnerability scanning tools and ensure accurate asset inventories and scan coverage.
- Manage and mature vulnerability management programs including breach simulation, red-team testing, and security assessment tools.
- Manage application security scanning tools including static, dynamic, and infrastructure scanning.
- Optimize vulnerability management processes and integrations with other security and IT operations workflows.
- Lead vulnerability response efforts to address imminent threats and zero-day vulnerabilities.
- Monitor vulnerability remediation progress and partner with IT teams to provide recommendations for effective risk remediation or mitigation.
- Monitor, mitigate, and report on emerging threats including supply-chain weaknesses, misconfigurations, code vulnerabilities, unencrypted protocols, digital footprint issues, and other cybersecurity control gaps.
- Manage internal and external penetration testing and red-team activities, scope assessments, and oversee vendor coordination.
- Provide regular reporting on the current state of vulnerabilities and develop metrics and dashboards to communicate vulnerability trends and remediation progress to stakeholders.
- Develop vulnerability scoring priorities and measurement criteria, and build consumable reporting for technical and non-technical stakeholders, IT leadership, and external clients.
- Stay current with emerging threats, vulnerabilities, exploit trends, and industry best practices.
- Support security audits, assessments, and compliance initiatives by providing accurate and timely vulnerability data.
- Contribute to the development of processes, standards, and playbooks related to vulnerability management.
- Participate in and support after-hours work and on-call rotations as needed.

Compensation: $53/hr to $64/hr. Exact compensation may vary based on several factors, including location, skills, experience, and education. Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.
If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Skills and Requirements

- 4-8+ years in IT or Information Security, including 3-4+ years in vulnerability management or security engineering
- Hands-on experience with enterprise vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus)
- Strong ability to interpret CVSS, threat intelligence, and business impact to prioritize remediation
- Solid understanding of cybersecurity risk management and frameworks (NIST, CIS, OWASP)
- Experience securing cloud and hybrid environments (AWS, Azure, GCP), including infrastructure, networking, and applications
- Strong foundation in networking, operating systems (Windows/Linux), and application security
- Proven ability to manage multiple priorities, communicate risk effectively, and stay current on emerging threats
- Professional certifications such as CISSP, CSSP, CEH, or similar
- Interpreting pentest results
Job Title
Vulnerability Management Engineer (Hybrid NYC)