CARFAX · 3 hours ago
Senior Security Engineer - Vulnerability Management
CARFAX is a company focused on helping consumers make informed decisions through accurate vehicle history information. The Senior Security Engineer - Vulnerability Management will play a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures, while collaborating with various teams to integrate security best practices into operations.
Automotive
Responsibilities
Oversee the end-to-end vulnerability management lifecycle, including scanning, assessment, prioritization, remediation tracking, and reporting
Perform regular vulnerability scans across infrastructure, endpoints, and applications, ensuring accurate detection, proper asset coverage, and alignment with security and compliance requirements
Perform risk-based analysis and triage vulnerability findings based on business impact, asset criticality, threat intelligence, and exploitability. Guide stakeholders on remediation priorities
Collaborate with system owners to drive timely remediation. Develop actionable plans for patching or mitigating vulnerabilities
Ensure system hardening and configuration compliance using industry benchmarks such as CIS and DISA STIGs
Deploy, manage, and optimize vulnerability and compliance scanning tools. Automate scanning, reporting, and alerting to improve coverage and reduce manual effort
Incorporate threat intelligence and exploit data to contextualize vulnerabilities and adjust risk ratings accordingly
Develop clear, concise reports and dashboards that communicate vulnerability status, trends, KPIs, and risk posture to technical and non-technical stakeholders
Continuously evaluate and improve vulnerability management processes, scanning schedules, and remediation workflows to align with evolving threats and organizational needs
Ensure vulnerability management activities align with compliance requirements (e.g., PCI-DSS, SOC 2, ISO 27001) and support audit documentation and responses
Act as a liaison between security, infrastructure, application, and business teams. Serve as a subject matter expert on vulnerability-related issues
Provide guidance to junior team members and support knowledge sharing within the cybersecurity team
Qualifications
Required
Bachelor's degree in Computer Science, Information Security, or a related field
Minimum of 5+ years of experience in cybersecurity, with at least 3–4 years focused on vulnerability management
Industry certifications such as CISSP, CEH, CompTIA Security+, or relevant vulnerability management credentials
Strong experience with vulnerability scanning tools (e.g., Qualys, Tenable Nessus, Rapid7 InsightVM)
Solid understanding of vulnerability classification standards (e.g., CVSS, CWE, CAPEC) and security frameworks
Familiarity with patch management, system hardening, and configuration management tools and processes
Working knowledge of Linux, Windows, and macOS environments, including OS-level security controls
Understanding of networking protocols, firewalls, and network security best practices
Experience with compliance frameworks such as PCI-DSS, SOC 2, or ISO 27001
Strong analytical and problem-solving skills, with the ability to assess complex environments and identify potential exposures
Excellent communication skills, with the ability to convey technical risk to both technical and non-technical stakeholders
Ability to manage multiple projects and tasks in a dynamic, fast-paced environment
Benefits
Competitive compensation, benefits and generous time-off policies
4-day summer work weeks and a winter holiday break
401(k)/DCPP matching
Annual bonus program
Casual, dog-friendly, and innovative office spaces
Company
CARFAX
CARFAX provides vehicle history for used car buyers, sellers, and the automotive industry.
H1B Sponsorship
CARFAX has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (18)
2024 (25)
2023 (11)
2022 (23)
2021 (24)
2020 (27)
Funding
Current Stage
Late Stage
Company data provided by Crunchbase