Vulnerability Management Specialist

The Vulnerability Management Specialist is a hands-on individual contributor responsible for executing Core Specialty’s vulnerability management program across endpoints, servers, cloud resources, and applications. This role focuses on continuous vulnerability scanning, risk analysis, remediation coordination, and reporting, working closely with IT, Infrastructure, Endpoint, and Threat teams.

The ideal candidate is highly analytical, detail-oriented, and comfortable operating in a metrics-driven, SLA-based environment, with the ability to translate technical findings into actionable remediation guidance.

The selected candidate will be required to work a hybrid schedule (3 days in office/2 remote) out of our Dallas, TX, or Cincinnati, OH office. No relocation assistance is being offered with this role.

Key Accountabilities/Deliverables:

• Conduct continuous vulnerability scanning across enterprise assets using Qualys and related tools.
• Analyze scan results to validate findings, remove false positives, and assess exploitability.
• Prioritize vulnerabilities using CVSS, Qualys Detection Score (QDS), asset criticality, and business impact.
• Enforce remediation SLAs aligned to severity levels: Critical: 7 days, High: 30 days, Medium: 60 days, Low: 180 days.
• Partner with Infrastructure, EUC, Cloud, and Application teams to drive timely remediation.
• Support remediation activities using Qualys, Intune, JAMF, PolicyPak, and Microsoft Defender.
• Ensure vulnerability management activities aligned with NIST, CIS Controls, ISO 27001, and insurance regulatory expectations.
• Partner with Threat Intelligence and SOC teams to assess vulnerability exposure related to active threats.
• Develop scripts (PowerShell) and workflows to support remediation, reporting, and validation.
  
  

Technical Knowledge and Understanding:

• Strong understanding of: CVSS scoring and risk prioritization, patch management and remediation workflows, endpoint, server, and cloud security fundamentals.
• Ability to analyze technical findings and communicate risk clearly to non-security teams.
• Strong documentation and organizational skills.
  
  

Experience required:

• 4 years of experience in vulnerability management, security engineering, or threat operations.
• Hands-on experience with vulnerability scanning platforms (Qualys preferred; Tenable/Rapid7 acceptable).
• Experience working with Intune, JAMF, or similar endpoint management tools.
  
  

Certifications (Preferred):

• CompTIA Security
• Qualys Vulnerability Management certifications
• GIAC certifications (e.g., GSEC, GCIH)
• CISSP (or progress toward certification)
  
  

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa for this position.

At Core Specialty, you will receive a competitive salary and opportunities for professional development and advancement. We offer medical, dental, vision, and life insurances; short and long-term disability; a Company-match of 100% of a 6% contribution 401(k) plan; an Employee Assistance Plan; Health Savings Account, Flexible Spending Account, Health Reimbursement Account, and a wellness program