Senior Vulnerability Management Engineer

Sorry, this job was removed at 02:32 a.m. (CST) on Friday, Mar 21, 2025
Bengaluru, Karnataka
Hybrid
Information Technology • Software • Consulting
The Role

As a senior vulnerability management engineer you will be a key member of the Everbridge Information Security team tasked with reducing the risk of vulnerability exploitation through appropriate and timely resolution or mitigation of vulnerabilities across Everbridge’s broad product set and Corporate IT.


This role is responsible for partnering with Engineering and Corporate IT to ensure implementation of vulnerability best practices across Everbridge globally; ensuring that appropriate vulnerability scanning is in place; monitoring and reporting Everbridge’s global vulnerability posture; maintaining awareness of vulnerability disclosures; analyzing vulnerabilities and their impact; and collaborating with Everbridge’s global Engineering and Corporate IT teams to ensure timely and appropriate vulnerability remediation.

What You’ll Do:

  • Lead and manage the vulnerability management program, ensuring timely identification, assessment, and remediation of vulnerabilities.
  • Conduct regular vulnerability assessments using tools such as Qualys, Veracode, Snyk, Prisma Cloud, Burp Suite, and BrightSec.
  • Perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) services.
  • Investigate Common Vulnerabilities and Exposures (CVE) to determine their impact on the organization and recommend appropriate mitigation strategies.
  • Engage with stakeholders, including engineering teams, to communicate vulnerabilities, steps to reproduce, and provide mitigation support.
  • Drive the security exception process and ensure compliance with internal security policies and standards.
  • Collaborate with third-party penetration testers and act as a bridge between engineering teams and external testers to address technical gaps.
  • Work with engineering teams to remediate vulnerabilities within defined Service Level Agreements (SLAs) to meet compliance requirements.
  • Support the compliance team and work on improving internal security processes.
  • Conduct occasional internal penetration tests to identify and address security weaknesses.
  • Utilize centralized vulnerability management tools like DefectDojo for tracking and reporting vulnerabilities.
  • Engage with product owners to understand enhancements and ensure the security scan scope is comprehensive.
  • Investigate vulnerabilities reported by external security researchers, reproduce reported issues, and assist engineers in fixing them.
  • Manage the security scorecard and help the organization maintain advanced scores.
  • Keep the leadership team informed by sharing security scorecards and metrics.
  • Introduce new security services and fine-tune current security processes.

What You’ll Bring:

  • 5+ years of experience in information security, with a focus on vulnerability management.
  • Proficient understanding of security attacks, including OWASP Top 10 and SANS Top 25.
  • Hands-on experience with security tools such as Qualys, Veracode, Snyk, Prisma Cloud, Burp Suite, and BrightSec.
  • Basic understanding of AWS cloud and experience working in cloud security is an added advantage.
  • Strong analytical and problem-solving skills with the ability to investigate and assess the impact of vulnerabilities.
  • Excellent communication skills to effectively engage with stakeholders and engineering teams.
  • Experience in driving security exception processes and supporting compliance initiatives.
  • Familiarity with centralized vulnerability management tools like DefectDojo.
  • Ability to perform occasional internal penetration tests and support third-party pentesting efforts.



About Everbridge


Everbridge empowers enterprises and government organizations to anticipate, mitigate, respond to, and recover stronger from critical events. In today’s unpredictable world, resilient organizations minimize impact to people and operations, absorb stress, and return to productivity faster when deploying critical event management (CEM) technology. Everbridge digitizes organizational resilience by combining intelligent automation with the industry’s most comprehensive risk data to Keep People Safe and Organizations Running™. For more information, visit www.everbridge.com, read the company blog, and follow on Twitter. Everbridge… Empowering Resilience

 

Everbridge is an Equal Opportunity/Affirmative Action Employer. All qualified Applicants will receive consideration for employment without regard to race, creed, color, religion, or sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.


The Company
Belfast
1,437 Employees

What We Do

Keeping People Safe and Businesses Running. Faster.

Everbridge, Inc. (NASDAQ: EVBG) is a global software company that provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to Keep People Safe and Businesses Running™. During public safety threats such as active shooter situations, terrorist attacks or severe weather conditions, as well as critical business events including IT outages, cyber-attacks or other incidents such as product recalls or supply-chain interruptions, over 5,300 global customers rely on the company’s Critical Event Management Platform to quickly and reliably aggregate and assess threat data, locate people at risk and responders able to assist, automate the execution of pre-defined communications processes through the secure delivery to over 100 different communication devices, and track progress on executing response plans.
