Vulnerability Operations Engineer
Hybrid, NYC
Contract Role
Our client’s Cybersecurity Organization is seeking a Vulnerability Operations Engineer.
This role will own the engineering layer of our vulnerability management operations: the integrations, pipelines, dashboards, and AI-assisted workflows that turn raw tool output into actionable, business-unit-specific insight.
This role exists to relieve operational concentration risk on the vulnerability management function and to deliver visible AI-driven productivity gains across the security program.
This is a hybrid on-site position, with a requirement to be in the NYC office three times per week.
Responsibilities:
- Integration and automation across the security tooling stack, including data normalization, deduplication, and enrichment pipelines.
- AI-assisted reporting pipelines that transform tool output into business-unit-specific narratives for monthly metric reviews, replacing manual report assembly.
- LLM-integrated workflows for alert triage, vulnerability summarization, remediation guidance generation, and finding prioritization.
- Evaluation, prototyping, and operationalization of emerging AI security tools, including agentic testing platforms and AI-driven offensive security tools, with clear, evidence-based recommendations on what to adopt.
- Ownership of the technical infrastructure behind monthly business unit metric reviews — dashboards, data quality, and the pipeline from tool to executive-ready output.
- Partnership with vulnerability management leads to encode operational knowledge into automation, reducing single-person dependency on the function.
- Contributing to the AI governance posture for security operations — documenting prompts, model selection, validation approaches, and human-in-the-loop checkpoints.
Required Qualifications:
- 5+ years in a security engineering, detection engineering, SOAR, or security automation role with significant production coding responsibility.
- Strong Python skills, with demonstrated experience building integrations against REST APIs, working with structured data at scale, and shipping code to production.
- Hands-on experience with at least two of: Tenable, CrowdStrike, Wiz, Qualys, Rapid7, Splunk, or equivalent enterprise security platforms.
- Practical experience integrating LLMs into production workflows — direct API usage (Anthropic, OpenAI, or equivalent), prompt engineering for production reliability, and an understanding of failure modes including hallucination, prompt injection, and cost management.
- Comfortable working in CI/CD, infrastructure-as-code, and modern cloud environments.
- Clear written communication — capable of producing internal documentation, runbooks, and executive-ready summaries.
Preferred Qualifications:
- Experience with agent frameworks (LangChain, LlamaIndex, or equivalent) and with retrieval-augmented generation patterns applied to security data.
- Background in SOAR development (Tines, Torq, Cortex XSOAR, Splunk SOAR) or detection-as-code workflows.
- Familiarity with the security tooling vendor landscape and ability to make pragmatic build-vs-buy recommendations.
- Prior work in a multi-tenant or multi-business-unit environment where data isolation and per-tenant reporting matter.
- Exposure to AI security risks — prompt injection, model abuse, data leakage — and approaches to mitigating them in production systems.