C2C role- Security SME/Architect (Vulnerability Management) - Sunnyvale, CA 94085 (100% Onsite)


Yogesh Singh

Mar 19, 2026, 10:39:37 AM
to Yogesh Singh

Hi,

Hope you are doing great.

Please share resumes for the below role, mentioning visa status, current location, and LI ID of the candidate.

 

C2C Role: Vulnerability Management - Security SME / Architect

Location: Sunnyvale, CA 94085 (100% Onsite)

Max Rate: $90/hr

 

Role Overview

The Security Subject Matter Expert (SME) – Vulnerability Management is responsible for reviewing vulnerability management reports, validating findings, and providing hands-on remediation support across Application, Cloud, Infrastructure, and Security environments. This role serves as a technical advisor to engineering and security teams, ensuring vulnerabilities are accurately assessed, prioritized, and remediated in line with enterprise risk standards.

 

Key Responsibilities

Vulnerability Report Review & Analysis

  • Review vulnerability assessment reports from Application Security, Cloud Security, Infrastructure, and Endpoint scanning tools.
  • Validate findings to identify false positives, duplicates, and non-actionable vulnerabilities.
  • Analyze vulnerabilities based on severity, exploitability, asset criticality, and business impact.

Risk Assessment & Prioritization

  • Support risk-based prioritization using CVSS, threat intelligence, exploit availability, and exposure context.
  • Identify critical and high-risk vulnerabilities requiring immediate remediation.
  • Provide technical input for risk acceptance, exception handling, and compensating controls.

Remediation Support & Validation

  • Provide clear, actionable remediation guidance for applications, cloud workloads, operating systems, middleware, containers, and network components.
  • Work closely with Application Owners, Cloud Engineers, Infrastructure, DevOps, and Security teams to explain vulnerabilities and remediation steps.
  • Support remediation validation through re-scans and verification activities.

Cross-Functional Collaboration

  • Act as a technical SME supporting Vulnerability Management, AppSec, Cloud Security, SOC, and Infrastructure teams.
  • Participate in remediation review meetings, backlog reduction initiatives, and POD-based remediation efforts.
  • Support Program Managers and Architects with technical insights and remediation status updates.

Documentation & Knowledge Management

  • Develop and maintain remediation runbooks, SOPs, and technical guidance documents.
  • Assist with audit evidence preparation, compliance validation, and management reporting.
  • Contribute to continuous improvement of vulnerability management processes.

 

Required Skills & Qualifications

Technical Skills

  • Strong hands-on experience in Vulnerability Management and remediation.
  • Working knowledge of: 
    • Application Security (SAST, DAST, SCA, API security)
    • Cloud Security (AWS/Azure/GCP vulnerabilities, misconfigurations)
    • Infrastructure & OS vulnerabilities (Windows, Linux, middleware, databases)
  • Familiarity with vulnerability scanning and security tools (e.g., VM scanners, AppSec tools, CSPM/CNAPP platforms).
  • Understanding of CVSS scoring, exploitability, and threat intelligence.

Professional Skills

  • Strong analytical and problem-solving skills.
  • Ability to clearly explain technical vulnerabilities to engineering teams.
  • Experience working in cross-functional, enterprise environments.
  • Strong documentation and communication skills.

 

Desired / Nice-to-Have

  • Experience supporting large vulnerability backlogs and remediation PODs.
  • Exposure to ITSM tools (e.g., ServiceNow) for vulnerability tracking.
  • Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS, NIST).
  • Security certifications (e.g., CEH, GWAPT, GCPN, AWS Security, OSCP) are a plus.

 

 

Thanks

Yogesh Pratap Singh


The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.