Overview
ZeniMax is seeking an experienced Senior Vulnerability Management Engineer to mature and improve the existing Vulnerability Management program. This role is pivotal in identifying, assessing, and managing vulnerabilities across a wide array of systems, applications, and environments. The Senior Vulnerability Management Engineer will focus on proactively securing our infrastructure by mitigating risks, developing remediation strategies, and ensuring vulnerabilities are effectively managed throughout their lifecycle. They will work closely with cross-functional teams to ensure timely and effective remediation of security risks while driving continuous improvements in security practices.
Responsibilities
* Work as part of an existing vulnerability management team to manage the end-to-end vulnerability lifecycle, from identification to remediation and validation, across networks, operating systems, applications, and cloud environments within your purview.
* Perform regular, comprehensive vulnerability scans using industry-leading tools (e.g. Tenable, Qualys, Rapid7, Microsoft Defender Vulnerability Management). Analyze scan results, categorize vulnerabilities based on risk, and ensure timely reporting to relevant stakeholders.
* Prioritize vulnerabilities based on potential impact and exploitability, leveraging risk-based frameworks, CVSS scoring, and threat intelligence feeds to guide remediation efforts.
* Develop and help implement patching strategies for identified vulnerabilities across systems and environments.
* Work with partners to ensure security updates are applied in accordance with company policies and industry standards.
* Act as the subject matter expert for handling zero-day vulnerabilities and critical security advisories. Work with relevant teams to mitigate immediate threats and implement long-term solutions.
* Partner with IT, DevOps, business, and development teams to validate findings, assign remediation responsibilities, and ensure fixes are applied in a timely manner.
* Provide technical guidance to teams on effective patching and risk mitigation strategies.
* Create and maintain dashboards and reports to track vulnerability management KPIs, including open vulnerabilities, time to remediation, and risk exposure.
* Present key insights to senior leadership and recommend actions based on evolving risks.
* Ensure vulnerability management processes align with regulatory requirements and internal security policies. Provide data and reports for internal and external security audits.
* Continuously assess and refine vulnerability management tools and processes. Stay updated on the latest vulnerability management trends, tools, and best practices to optimize scanning, detection, and remediation workflows.
* Implement and manage automation solutions to streamline vulnerability detection, reporting, and remediation. Identify opportunities to integrate vulnerability management with other security and IT tools.
Qualifications
* 3+ years of experience in vulnerability management or a related information security role.
* Demonstrable proficiency with vulnerability scanning and management platforms such as Tenable, Qualys, Rapid7, or similar.
* Bachelor's degree in Information Security, Computer Science, a related field, or equivalent work experience.
* Experience with risk-based vulnerability management, including threat modeling, CVSS scoring, and prioritization methodologies.
* Solid understanding of operating systems (Windows, Linux, macOS) and network devices, including their security vulnerabilities.
* Hands-on experience with patch management and remediation processes in complex environments.
* Knowledge of cloud platforms (AWS, Azure, GCP) and associated vulnerabilities.
* Familiarity with vulnerability disclosure programs and security advisories.
* Strong analytical and problem-solving skills, with an ability to balance security needs with business impact.
* Excellent written and verbal communication skills to articulate vulnerabilities and their potential impact to technical and non-technical audiences.
* Ability to work independently and as part of a team.
Preferred Skills
* 6+ years of experience in vulnerability management or a related information security role.
* Experience with deploying and maintaining Microsoft Defender Vulnerability Management.
* Relevant security certifications (CISSP, CEH, GCIH, or similar).
* Experience in automating vulnerability management tasks using scripting languages (e.g., Python, PowerShell).
* Master's degree in Cybersecurity or related field.
* Expertise in container and cloud-native application vulnerability scanning.
* Knowledge of advanced threat detection techniques, including penetration testing or red teaming experience.
* Proven experience working in diverse environments with a focus on vulnerability management compliance.
* Experience with data visualization tools (e.g. Microsoft Power BI, Tableau).
* Experience working in a collaborative, cross-functional team environment.
* Proficiency utilizing scripting languages (preferably Python), API integrations, and process automation.
* Familiarity with security compliance frameworks such as NIST, CIS, ISO 27001, and GDPR.
Salary Range
Senior Vulnerability Engineer - The typical base pay range for this position at the start of employment is expected to be between $100,000 and $215,000 per year.
ZeniMax has different base pay ranges for different work locations within the United States, which allows us to pay employees competitively and consistently in different geographic markets. The range above reflects the potential base pay across the U.S. for this role; the applicable base pay range will depend on what ultimately is determined to be the candidate's primary work location. Individual base pay depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills. Base pay ranges are reviewed and typically updated each year. Offers are made within the base pay range applicable at the time.
At ZeniMax certain roles are eligible for additional rewards, such as merit increases and discretionary bonuses. These awards are allocated based on individual performance and are not guaranteed. Benefits/perks listed here may vary depending on the nature of employment with ZeniMax and the country work location. U.S.-based employees have access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, wellbeing benefits, paid vacation time, paid sick and mental health time, and several paid holidays, among others.