What are the responsibilities and job description for the Vulnerability Management - Security SME / Architect - Sunnyvale, CA 94085 (100% Onsite) position at Jobs via Dice?
Role: Vulnerability Management - Security SME / Architect
Location: Sunnyvale, CA 94085 (100% Onsite)
Role Overview
The Security Subject Matter Expert (SME) Vulnerability Management is responsible for reviewing vulnerability management reports, validating findings, and providing hands-on remediation support across Application, Cloud, Infrastructure, and Security environments. This role serves as a technical advisor to engineering and security teams, ensuring vulnerabilities are accurately assessed, prioritized, and remediated in line with enterprise risk standards.
Key Responsibilities
Vulnerability Report Review & Analysis
Technical Skills
Location: Sunnyvale, CA 94085 (100% Onsite)
Role Overview
The Security Subject Matter Expert (SME) Vulnerability Management is responsible for reviewing vulnerability management reports, validating findings, and providing hands-on remediation support across Application, Cloud, Infrastructure, and Security environments. This role serves as a technical advisor to engineering and security teams, ensuring vulnerabilities are accurately assessed, prioritized, and remediated in line with enterprise risk standards.
Key Responsibilities
Vulnerability Report Review & Analysis
- Review vulnerability assessment reports from Application Security, Cloud Security, Infrastructure, and Endpoint scanning tools.
- Validate findings to identify false positives, duplicates, and non-actionable vulnerabilities.
- Analyze vulnerabilities based on severity, exploitability, asset criticality, and business impact.
- Support risk-based prioritization using CVSS, threat intelligence, exploit availability, and exposure context.
- Identify critical and high-risk vulnerabilities requiring immediate remediation.
- Provide technical input for risk acceptance, exception handling, and compensating controls.
- Provide clear, actionable remediation guidance for applications, cloud workloads, operating systems, middleware, containers, and network components.
- Work closely with Application Owners, Cloud Engineers, Infrastructure, DevOps, and Security teams to explain vulnerabilities and remediation steps.
- Support remediation validation through re-scans and verification activities.
- Act as a technical SME supporting Vulnerability Management, AppSec, Cloud Security, SOC, and Infrastructure teams.
- Participate in remediation review meetings, backlog reduction initiatives, and POD-based remediation efforts.
- Support Program Managers and Architects with technical insights and remediation status updates.
- Develop and maintain remediation runbooks, SOPs, and technical guidance documents.
- Assist with audit evidence preparation, compliance validation, and management reporting.
- Contribute to continuous improvement of vulnerability management processes.
Technical Skills
- Strong hands-on experience in Vulnerability Management and remediation.
- Working knowledge of:
- Application Security (SAST, DAST, SCA, API security)
- Cloud Security (AWS/Azure/Google Cloud Platform vulnerabilities, misconfigurations)
- Infrastructure & OS vulnerabilities (Windows, Linux, middleware, databases)
- Familiarity with vulnerability scanning and security tools (e.g., VM scanners, AppSec tools, CSPM/CNAPP platforms).
- Understanding of CVSS scoring, exploitability, and threat intelligence.
- Strong analytical and problem-solving skills.
- Ability to clearly explain technical vulnerabilities to engineering teams.
- Experience working in cross-functional, enterprise environments.
- Strong documentation and communication skills.
- Experience supporting large vulnerability backlogs and remediation PODs.
- Exposure to ITSM tools (e.g., ServiceNow) for vulnerability tracking.
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS, NIST).
- Security certifications (e.g., CEH, GWAPT, Google Cloud PlatformN, AWS Security, OSCP) are a plus.