Onsite Job opportunity for the role of Vulnerability Management - Security SME / Architect in Sunnyvale, CA (100% Onsite)
Rahul Pandey
Greetings,
This is Rahul from Quantum world Technologies; I am working as Senior Technical Recruiter in this company. I have a onsite/hybrid Job Opportunity with one of our clients. Please share your resume if you are interested in the job details given below:
Job Title: Vulnerability Management - Security SME / Architect
Location : Sunnyvale, CA (100% Onsite)
Job Description-
Role Overview
The Security Subject Matter Expert (SME) – Vulnerability Management is responsible for reviewing vulnerability management reports, validating findings, and providing hands-on remediation support across Application, Cloud, Infrastructure, and Security environments. This role serves as a technical advisor to engineering and security teams, ensuring vulnerabilities are accurately assessed, prioritized, and remediated in line with enterprise risk standards.
Key Responsibilities
Vulnerability Report Review & Analysis
- Review vulnerability assessment reports from Application Security, Cloud Security, Infrastructure, and Endpoint scanning tools.
- Validate findings to identify false positives, duplicates, and non-actionable vulnerabilities.
- Analyze vulnerabilities based on severity, exploitability, asset criticality, and business impact.
Risk Assessment & Prioritization
- Support risk-based prioritization using CVSS, threat intelligence, exploit availability, and exposure context.
- Identify critical and high-risk vulnerabilities requiring immediate remediation.
- Provide technical input for risk acceptance, exception handling, and compensating controls.
Remediation Support & Validation
- Provide clear, actionable remediation guidance for applications, cloud workloads, operating systems, middleware, containers, and network components.
- Work closely with Application Owners, Cloud Engineers, Infrastructure, DevOps, and Security teams to explain vulnerabilities and remediation steps.
- Support remediation validation through re-scans and verification activities.
Cross-Functional Collaboration
- Act as a technical SME supporting Vulnerability Management, AppSec, Cloud Security, SOC, and Infrastructure teams.
- Participate in remediation review meetings, backlog reduction initiatives, and POD-based remediation efforts.
- Support Program Managers and Architects with technical insights and remediation status updates.
Documentation & Knowledge Management
- Develop and maintain remediation runbooks, SOPs, and technical guidance documents.
- Assist with audit evidence preparation, compliance validation, and management reporting.
- Contribute to continuous improvement of vulnerability management processes.
Required Skills & Qualifications
Technical Skills
- Strong hands-on experience in Vulnerability Management and remediation.
- Working knowledge of:
- Application Security (SAST, DAST, SCA, API security)
- Cloud Security (AWS/Azure/GCP vulnerabilities, misconfigurations)
- Infrastructure & OS vulnerabilities (Windows, Linux, middleware, databases)
- Familiarity with vulnerability scanning and security tools (e.g., VM scanners, AppSec tools, CSPM/CNAPP platforms).
- Understanding of CVSS scoring, exploitability, and threat intelligence.
Professional Skills
- Strong analytical and problem-solving skills.
- Ability to clearly explain technical vulnerabilities to engineering teams.
- Experience working in cross-functional, enterprise environments.
- Strong documentation and communication skills.
Desired / Nice-to-Have
- Experience supporting large vulnerability backlogs and remediation PODs.
- Exposure to ITSM tools (e.g., ServiceNow) for vulnerability tracking.
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS, NIST).
- Security certifications (e.g., CEH, GWAPT, GCPN, AWS Security, OSCP) are a plus.
Thanks & Regards
Rahul Pandey