Starr

Vulnerability Management & Response Engineer

Destin, FL | Posted Yesterday
Full-time, onsite

Job Description

Join Starr, a global leader in commercial insurance with over a century of expertise. We empower our employees to innovate, make impactful decisions, and build lasting client relationships worldwide. At Starr, you'll work in an entrepreneurial culture alongside accessible leaders, leveraging our financial strength and vast industry experience to deliver solutions for our clients, no matter how complex. Grow your career with a rapidly growing company that invests in its people and their ability to drive real progress.

Position Summary

We are seeking a highly skilled Vulnerability Management & Response Engineer to help operate and continuously improve our enterprise Vulnerability Management (VM) program. This role is responsible for owning core VM processes end-to-end—identification, assessment, prioritization, exception handling, remediation tracking, and validation—across on-premises and cloud environments using Tenable. The position drives risk-informed decisions and facilitates remediations with the asset owners.

This role will partner cross-functionally with Infrastructure, Development, Risk, and Compliance teams to maintain continuous scanning coverage, meet remediation SLAs, and mature the VM program through automation, reporting, and governance. The ideal candidate has proven experience running a Vulnerability Management program at enterprise scale, with hands-on Tenable administration and a track record of driving remediation outcomes with asset owners.

Key Responsibilities

  • Own day-to-day operations of the Tenable platform (e.g., scan configuration, scheduling, coverage monitoring, credentials management, and results troubleshooting).
  • Lead triage, assignment, and validation of vulnerability remediation tasks across infrastructure and application stakeholders.
  • Define, maintain, and enforce SLA-based remediation, including escalation and executive reporting for SLA drift.
  • Integrate Tenable findings and remediation workflows with SCCM, Intune, SOAR, SIEM, and ticketing systems to enable automated assignment, tracking, and validation.
  • Conduct quarterly reconciliation of Tenable scanner output with CMDB and asset inventories to validate coverage, ownership, and data quality.
  • Maintain an auditable exception register with documented risk acceptance, compensating controls, approvals, and expiration controls.
  • Produce VM program metrics and reporting (weekly, monthly, quarterly, and annually), including risk trends, SLA performance, and remediation outcomes.
  • Run a recurring VM governance cadence (e.g., quarterly working sessions) to review SLA drift, backlog health, scanner coverage, and tool-to-tool integrations.
  • Support internal audit and regulatory review of the Vulnerability Management program by providing evidence, metrics, and control narratives.

Required Qualifications

  • 5+ years of hands-on experience running an enterprise Vulnerability Management program (process, governance, metrics, and remediation outcomes), not just point-in-time scanning.
  • Hands-on experience with Tenable, including scan configuration, credentialed scanning, reporting, and troubleshooting.
  • Deep understanding of vulnerability scoring systems (CVSS), threat intelligence correlation, and risk-based prioritization to drive remediation sequencing.
  • Experience leading or contributing to patching strategies using SCCM, Intune, or similar tools.
  • Strong documentation and process improvement skills.
  • Proven ability to collaborate across technical and non-technical teams.

Preferred Qualifications

  • Experience integrating VM tools with SOAR, SIEM, or ticketing platforms like Remedyforce or ServiceNow.
  • Knowledge of container security, cloud-native security controls (Azure, AWS, GCP), and API-based vulnerability exposure.
  • Exposure to CMDB reconciliation and asset discovery in dynamic environments.
  • Experience presenting technical risk summaries to executive or audit stakeholders.

Starr is an equal opportunity employer, which means we'll consider all suitably qualified applicants regardless of gender identity or expression, ethnic origin, nationality, religion or beliefs, age, sexual orientation, disability status or any other protected characteristic. We recruit and develop our people based on merit and we're committed to creating an inclusive environment for all employees. We offer first class training and development opportunities to all employees. Our aim is to grow our own talent and bring out the best in people.
