Security Operations – Vulnerability Management Engineer

FlexTrade Systems is a global leader in high performance multi-asset execution management and order management systems for equities, fixed income, foreign exchange, futures, and options. A pioneer in the field, FlexTrade is internationally recognized for introducing FlexTRADER®, the world’s first broker-neutral, execution management trading system, which allows clients to completely control and customize their execution workflows through a comprehensive ability to search/access liquidity while maintaining the confidentiality of their trading strategies. 

About the Role

We are seeking an experienced Vulnerability Management Engineer to strengthen our Security Operations function. You will own the end‑to‑end vulnerability lifecycle—discovery, validation, prioritization, and remediation coordination—across servers, endpoints, cloud workloads, and network infrastructure. This role requires strong technical depth, a risk‑based mindset, and the ability to collaborate across multiple engineering teams.

Key Responsibilities

• Operate and enhance the enterprise Vulnerability Management Program.

• Perform authenticated scans and ensure complete asset coverage across on‑prem and cloud environments.

• Triage, validate, and prioritize vulnerabilities using CVSS, threat intelligence, and business context.

• Coordinate remediation with Infrastructure, Cloud, Network, and Application teams; track SLAs.

• Build dashboards and reports for leadership with KPIs such as coverage, SLA compliance, and risk reduction.

• Automate recurring tasks using scripts and APIs; integrate VM tools with CMDB, ITSM, and security platforms.

• Support audits, compliance requirements, and internal security reviews.

Required Skills & Experience

• 5–8+ years in Vulnerability Management, SecOps, or Infrastructure Security.

• Hands-on with tools such as Tenable, Qualys, Rapid7.

• Strong understanding of OS security (Windows/Linux), networks, cloud basics, and patch management.

• Experience with ITSM platforms (ServiceNow/Jira) and remediation workflows.

• Ability to communicate technical risks clearly to both technical and business stakeholders.

• Scripting knowledge (Python, PowerShell, or Bash) preferred.

Nice to Have

• Exposure to AWS/Azure/GCP security controls.

• Container/Kubernetes vulnerability scanning experience.

• Familiarity with threat intelligence (KEV, exploit maturity, EPSS).

• Certifications: Security+, CySA+, CEH, GSEC, CISSP (preferred but not mandatory).

• PowerBI Reporting Experience