Job Directory Vulnerability Management Engineer - Senior or Lead

Vulnerability Management Engineer - Senior or Lead
Carrollton, TX

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.


Job Description

Job Description

Who We Are

Thomson Reuters is one of the world's most trusted provider of answers, helping professionals make confident decisions and run better businesses. Our customers operate in complex arenas that move society forward - law, tax, compliance, government, and media - and face increasing complexity as regulation and technology disrupts every industry.

What We Need

Thomson Reuters is looking for an experienced Vulnerability Management Engineer, who would be a part of the ISRM Enterprise Vulnerability Management Team. The team's ultimate goal is attack surface reduction of global computing assets through the identification and assessment of vulnerabilities. This role is responsible for engineering solutions to continuously improve detection and visibility of vulnerabilities across Thomson Reuters' digital footprint. In addition, this role is responsible for analysis of the data generated by the vulnerability management solutions, coordination with external stakeholders regarding their remediation effectiveness, and completion of day to day tasks associated with vulnerability management program.

Job Responsibilities

Review security vulnerabilities across diverse technologies and rapid changing environments, including on premise/cloud infrastructure, to determine risk rating of vulnerabilities to business assets.

Improve and automate upon existing vulnerability management lifecycle. Included, but not limited to, data ingestion & normalization, compliance metrics, and detections on ephemeral assets.

Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.

Provides analysis and validation post remediation, opportunities for improvements, and out of the box thinking for optimizations and solving road blocks.

Perform reoccurring and on demand scanning activities of both corporate and cloud environments utilizing enterprise platform.

Interface with other ISRM organizations such as Governance, Risk, and Compliance, Security Operations / Incident Response, and Threat Intelligence to report on program status and coordinate risk tracking.

Demonstrated technical experience with:

Diverse Cloud Computing (AWS & Azure)

Understanding of Automation and Pseudocode via Python.

Network Switching and Routing (Cisco, Palo Alto), Familiarity of TCP/IP and associated protocols.

Advanced Understanding of Several Operating systems such as Windows Linux/UNIX Servers (Solaris, Red Hat Enterprise, Oracle Linux).


Understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration, application development, technology operations, and information security best practices.

Experience with data metrics & normalization with the ability to provide qualitative & quantitative analysis and recommendations.

Excellent verbal and written communication skills.

Excellent organizational and/or project ownership skills.

Ability to develop excellent working relationships with a variety of other enabling teams.

Excellent attention to detail, data accuracy, and data analysis.

Self-motivated and operates with a high sense of urgency and a high level of integrity.

Preferred, But Not Required

Professional experience in Information Security.

Vulnerability & Secure Code solutions such as Tenable Nessus, Rapid7 Nexpose, Qualys, WhiteHat, HP Fortify, Veracode, or AppSpider.

Proficient in scripting languages preferably Python

Fundamental understanding of OWASP Top 10 Web application Security Risks

Previous operational, engineering, or development experience working in large scale environments with diverse technologies including Cloud technologies.

Certifications such as GIAC Security Essentials (GSEC), GIAC Web Application Penetration Tester (GWAPT)or CompTIA Security +.

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 25,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit

More information about Thomson Reuters can be found on


Carrollton-Texas-United States of America;Eagan-Minnesota-United States of America;Richmond-Virginia-United States of America

Req #: JREQ128145

Locations: Carrollton-Texas-United States of America|Eagan-Minnesota-United States of America|Richmond-Virginia-United States of America

Job Function: Technology Development

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.