Job summary The asset and vulnerability management cybersecurity engineer leads the discovery, classification, and protection of IT, OT, cloud, and SaaS assets across the enterprise. The engineer is responsible for operating and maturing the enterprise vulnerability management and exposure reduction program through continuous monitoring, integration with asset inventories and CMDB, risk-based prioritization, and close coordination with IT, and OT teams. This role helps ensure regulatory compliance, drives remediation activities, develops automation for scale, and provides clear reporting and risk context to leadership. This position will remain posted for two weeks. Work environment and schedule This position works a typical workweek schedule (Monday through Thursday or Monday through Friday) in a general office environment and may be eligible for hybrid workdays. The successful candidate should reside within a commutable distance of Fort Collins. Performing this work requires occasional physical effort to lift and carry light objects and is primarily sedentary; minimal walking or standing is required on an as-needed basis. Essential duties and responsibilities
- Maintain and enhance enterprise asset inventories for IT, OT, cloud, and SaaS systems, including automated discovery, metadata tagging, ownership assignments, and lifecycle classification.
- Integrate asset data with vulnerability management, SIEM, SOAR, and CMDB platforms.
- Operate, tune, and optimize enterprise vulnerability management platforms across environments.
- Conduct recurring vulnerability and exposure assessments using security posture management, container scanning, and configuration baselines.
- Analyze and enrich scan data using threat intelligence, KEV catalog, EPSS scoring, and attack-path context to drive risk-based prioritization.
- Partner with IT, OT, cloud, and application owners to drive timely remediation and document compensating controls or risk acceptances.
- Track and report remediation SLAs, MTTR, trending analysis, and closure rates.
- Support incident response by providing vulnerability context, exploitability assessments, and exposure insights.
- Provide technical guidance to improve patching, configuration baselines, secure builds, and automation workflows.
- Develop and maintain procedures, runbooks, and audit-ready documentation aligned to NIST CSF, CIS Controls, ISO 27001, and NERC CIP-002/005/007/010/013.
- Implement continuous monitoring using automated discovery, posture tools, and scanning pipelines.
- Build automated workflows (APIs, scripting, SOAR playbooks) for vulnerability ingestion, ticketing, compliance evidence, and dashboards.
- Develop dashboards and executive reports reflecting exposure levels, SLA adherence, risk trend analysis, and material vulnerabilities.
- Support audits by preparing evidence packages, control documentation, and remediation plans.
Knowledge, skills, and abilities
- Proficiency with vulnerability management tools (Tenable, Qualys, etc.) and asset discovery/CMDB tools (Flexera, ServiceNow, ManageEngine, etc.).
- Strong understanding of enterprise networks, cloud environments, container workloads, and OT/ICS.
- Ability to correlate vulnerability data with exploitability intelligence (EPSS, KEV, MITRE ATT&CK).
- Strong knowledge of NIST CSF, CIS Controls v8, and NERC CIP-002/005/007/010/013.
- Ability to communicate technical findings to diverse audiences and influence remediation outcomes.
Candidate qualifications Required criteria
- Education: Bachelor’s degree in cybersecurity, computer science, information technology, engineering, or equivalent experience.
- Work experience: At least three years of hands-on vulnerability management, exposure analysis, or cybersecurity engineering, preferably in critical infrastructure
Pay This position is an exempt role; salaries are paid bi-weekly and are annualized below for reference. Factors that may be used to determine actual salary include specific skills, years of experience, education, and certifications.
- Full range: $137,015 to $198,748
- Hiring range: $137,015 to $167,936