Vulnerability Operations Engineer
Our client, a Media, Information and Services company, is looking for a Vulnerability Operations Engineer for their New York, NY / Charlotte, NC / Hybrid location.
Responsibilities:
- Client Cybersecurity Organization is seeking a Vulnerability Operations Engineer.
- This role will own the engineering layer of our vulnerability management operations: the integrations, pipelines, dashboards, and AI-assisted workflows that turn raw tool output into actionable, business-unit-specific insight.
- This role exists to relieve operational concentration risk on the vulnerability management function and to deliver visible AI-driven productivity gains across the security program.
- Integration and automation across the security tooling stack, including data normalization, deduplication, and enrichment pipelines.
- AI-assisted reporting pipelines that transform tool output into business-unit-specific narratives for monthly metric reviews, replacing manual report assembly.
- LLM-integrated workflows for alert triage, vulnerability summarization, remediation guidance generation, and finding prioritization.
- Evaluation, prototyping, and operationalization of emerging AI security tools, including agentic testing platforms and AI-driven offensive security tooling, with clear, evidence-based recommendations on what to adopt.
- Ownership of the technical infrastructure behind monthly business unit metric reviews: dashboards, data quality, and the pipeline from tool to executive-ready output.
- Partnership with the vulnerability management lead to encode operational knowledge into automation, reducing single-person dependency on the function.
- Contributing to the AI governance posture for security operations: documenting prompts, model selection, validation approaches, and human-in-the-loop checkpoints.
Requirements:
- 5+ years in a security engineering, detection engineering, SOAR, or security automation role with significant production coding responsibility.
- Strong Python skills, with demonstrated experience building integrations against REST APIs, working with structured data at scale, and shipping code to production.
- Hands-on experience with at least two of: Tenable, CrowdStrike, Wiz, Qualys, Rapid7, Splunk, or equivalent enterprise security platforms.
- Practical experience integrating LLMs into production workflows: direct API usage (Anthropic, OpenAI, or equivalent), prompt engineering for production reliability, and an understanding of failure modes including hallucination, prompt injection, and cost management.
- Comfortable working in CI/CD, infrastructure-as-code, and modern cloud environments.
- Clear written communication, capable of producing internal documentation, runbooks, and executive-ready summaries.
- Experience with agent frameworks (LangChain, LlamaIndex, or equivalent) and with retrieval-augmented generation patterns applied to security data.
- Background in SOAR development (Tines, Torq, Cortex XSOAR, Splunk SOAR) or detection-as-code workflows.
- Familiarity with the security tooling vendor landscape and ability to make pragmatic build-vs-buy recommendations.
- Prior work in a multi-tenant or multi-business-unit environment where data isolation and per-tenant reporting matter.
- Exposure to AI security risks (prompt injection, model abuse, data leakage) and approaches to mitigating them in production systems.
Why Should You Apply?
- Health Benefits
- Referral Program
- Excellent growth and advancement opportunities
