Threat and Vulnerability Engineer

This range is provided by Syllogis Teks. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$90,000.00/yr - $/yr

The Security Engineer II - Threat and Vulnerability is responsible for identifying, assessing, and mitigating security risks across our environments. This role emphasizes detecting vulnerabilities, ensuring secure configurations, and driving remediation efforts to strengthen the firm’s overall security posture. The Security Engineer II leverages technical expertise, automation, and programming skills to improve the efficiency and accuracy of vulnerability detection, reporting, and response processes.

• Research, analyze, and evaluate emerging threats, vulnerabilities, and exploits across on-premises and cloud environments.
• Monitor and correlate threat intelligence feeds to identify relevant tactics, techniques, and procedures (TTPs).
• Apply frameworks such as MITRE ATT&CK, OWASP, and CVSS to assess severity, exploitability, and business impact.
• Identify, assess, and manage vulnerabilities across cloud platforms such as AWS, Azure, or GCP, including misconfigurations and exposed services.
• Utilize CSPM and CWPP tools like Prisma Cloud, Defender for Cloud, and Wiz to detect, track, and report vulnerabilities.
• Collaborate with cloud, Dev Ops, and IT teams to remediate vulnerabilities and integrate security controls into infrastructure and pipelines.
• Implement and maintain secure configuration standards across servers, endpoints, databases, network devices, and cloud resources.
• Perform regular configuration audits and compliance checks using frameworks such as CIS Benchmarks, NIST 800-53, and DISA STIGs.
• Integrate vulnerability management tools with SIEM, SOAR, and ticketing systems via APIs to improve workflow efficiency.
• Create dashboards and data visualizations to enhance threat visibility and remediation tracking.
• Track and verify remediation progress, ensuring alignment with defined SLAs, risk priorities, and compliance requirements.
• Communicate technical findings, risks, and remediation guidance clearly to both technical and non-technical stakeholders.

• Advanced understanding of security control environment such as access control, logging, authentication, encryption, integrity, etc.
• Demonstrated experience managing vulnerabilities in both on-premises and cloud environments.
• Experience coordinating corporate-wide initiatives for obtaining security-related assurances.
• Familiarity with federal and state legal and regulatory requirements related to information security.
• Understand the advanced tenets of security risk management and defense-in-depth practices.
• The ability to combine pieces of information to form general rules or conclusions.

• Associate

• Full-time

• Information Technology
• Staffing and Recruiting

• Medical insurance
• Vision insurance
• 401(k)