Posted today
Secret
Unspecified
No Traveling
IT - Security
Vulnerability Assessment Engineer
8-12 week contract
Location: Remote
Key Responsibilities
"Responsible for the end-to-end execution and delivery of enterprise-scale network vulnerability assessments. This role delivers high-fidelity findings through structured identification, analysis, and reporting – encompassing discovery, scanning, password auditing, advanced attack simulation (including brute-force and Markov chain techniques), and client-ready documentation. Execution occurs within strict scope boundaries, with emphasis on methodological integrity, technical accuracy, and clear communication of risk."
Minimal Qualifications
Experience
• 3 to 5 years of related work experience in the following areas:
◦ Vulnerability assessment and vulnerability management
◦ Network security engineering
◦ Penetration testing
◦ Infrastructure or network engineering with security responsibilities
Certifications
• CompTIA Security+ -- foundational knowledge of network security, threat management, and vulnerability processes.
• Certified Ethical Hacker (CEH) -- understanding of attacker methodologies for identifying system weaknesses
• GIAC Vulnerability Assessment (GVA) -- expertise in scanning, analysis, prioritization, and remediation
Technical Proficiencies
• Demonstrable hands-on experience conducting network assessments: identification, scanning, triage and validation
• Experience with password auditing and recovery techniques (including mask, hybrid, and Markov approaches)
• Familiarity with Windows/Linux security internals, Active Directory, network protocols (TCP/IP, DNS, Kerberos), and common vulnerability classes
• Strong documentation skills – able to produce accurate, clear, and structured reports for both technical and non-technical audiences
• Understanding of scope, authorization boundaries, and ethical principles
Preferred Qualifications
Experience
• 5 to 8 years related work experience, including:
◦ Delivery of complex, multi-system vulnerability assessments
◦ Participation in or leadership of enterprise vulnerability management programs
◦ Development of assessment playbooks, templates, or validation procedures
Certifications
• Certified Information Systems Security Professional (CISSP)
• GIAC Penetration Tester (GPEN)
• Offensive Security Certified Professional (OSCP)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
Technical Proficiencies
• Demonstrate hands-on experience performing vulnerability assessments across:
◦ Network infrastructure (routers, firewalls, switches)
◦ On-premises and cloud servers (Windows, Linux, cloud workloads)
◦ Security control platforms (e.g., WAFs, IDS/IPS, endpoint security)
• Hold at least one core industry-recognized certification
• Exhibit attention to detail, analytical problem-solving abilities, and clarity in technical communication
In closing, we are looking for a candidate with an Engineering Mindset (Assessment-Centric)
• While not a general-purpose engineer, this role requires assessment engineering discipline:
◦ Design repeatable, auditable processes for discovery, scanning, and password analysis
◦ Adapt methodologies to match client environment complexity (e.g., hybrid cloud, legacy systems)
◦ Maintain assessment artifacts and evidence logs for quality assurance
◦ Ensure every finding is traceable, reproducible, and contextualized