Cloudflare

Vulnerability Management Engineer

full-time

Location Type: Hybrid

Location: Austin, Texas, United States

About the role

  • Conduct vulnerability scanning and perform in-depth analysis of findings from scanning tools (e.g., Qualys, Nessus, Rapid7) to verify accuracy, identify systemic patterns, and filter out false positives.
  • Triage, validate and prioritise vulnerabilities using risk-based approaches to determine real business impact, and work with engineering and compliance teams to agree on remediation actions and timelines.
  • Develop, document, and deliver technical remediation guidance and solutions to enable application and infrastructure teams to remediate efficiently and consistently.
  • Support DoD IL4 and FedRAMP preparation by ensuring vulnerability management processes, evidence, reporting, and controls meet regulatory and assurance expectations.
  • Work closely with engineering and service teams to embed vulnerability management into delivery pipelines, operational processes and change management.
  • Establish strong relationships with engineering teams to track and report status and remediation progress.
  • Manage and track the remediation backlog, maintaining focus on risk reduction and measurable progress.
  • Contribute to the continuous improvement of vulnerability management standards, procedures, and playbooks, ensuring alignment with IL4, FedRAMP and other compliance requirements.

Requirements

  • Solid understanding of DoD Impact Level 4 (IL4), FedRAMP, SOC 2, and PCI frameworks.
  • 3+ years of vulnerability management experience in a heavily regulated environment.
  • Bachelor's degree in Computer Science, Information Security, or security certifications in a related field.
  • Strong communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with technical and non-technical teams.
  • A strong understanding of CVSS (Common Vulnerability Scoring System) and how to apply risk assessment methodologies in a business context to support remediation.
  • Hands-on experience with vulnerability scanning platforms (e.g., Qualys, Nessus, Rapid7 InsightVM).
  • Strong analytical skills to identify patterns in data and distinguish between theoretical risk and actual exploitability.

Benefits

  • Health insurance
  • Flexible work arrangements
  • Professional development opportunities