Senior Security Engineer - Vulnerability Management en CARFAX

Join Team CARFAX as a Senior Security Engineer - Vulnerability Management

Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We’re more than just a company: We help millions of consumers make more informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment. 

At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 2 days per week in our London, ON office subject to change with future business needs.

What you’ll be doing:

• Oversee the end-to-end vulnerability management lifecycle, including scanning, assessment, prioritization, remediation tracking, and reporting.
• Perform regular vulnerability scans across infrastructure, endpoints, and applications, ensuring accurate detection, proper asset coverage, and alignment with security and compliance requirements.
• Perform risk-based analysis and triage vulnerability findings based on business impact, asset criticality, threat intelligence, and exploitability. Guide stakeholders on remediation priorities.
• Collaborate with system owners to drive timely remediation. Develop actionable plans for patching or mitigating vulnerabilities.
• Ensure system hardening and configuration compliance using industry benchmarks such as CIS and DISA STIGs.
• Deploy, manage, and optimize vulnerability and compliance scanning tools. Automate scanning, reporting, and alerting to improve coverage and reduce manual effort.
• Incorporate threat intelligence and exploit data to contextualize vulnerabilities and adjust risk ratings accordingly.
• Develop clear, concise reports and dashboards that communicate vulnerability status, trends, KPIs, and risk posture to technical and non-technical stakeholders.
• Continuously evaluate and improve vulnerability management processes, scanning schedules, and remediation workflows to align with evolving threats and organizational needs.
• Ensure vulnerability management activities align with compliance requirements (e.g., PCI-DSS, SOC II, ISO 27001) and support audit documentation and responses.
• Act as a liaison between security, infrastructure, application, and business teams. Serve as a subject matter expert on vulnerability-related issues.
• Provide guidance to junior team members and support knowledge sharing within the cybersecurity team.

What we're looking for:

• Bachelor’s degree in computer science, Information Security, or a related field.
• Minimum of 5+ years of experience in cybersecurity, with at least 3–4 years focused on vulnerability management.
• Industry certifications such as CISSP, CEH, CompTIA Security+, or relevant vulnerability management credentials.
• Strong experience with vulnerability scanning tools (e.g., Qualys, Tenable Nessus, Rapid7 InsightVM).
• Solid understanding of vulnerability classification standards (e.g., CVSS, CWE, CAPEC) and security frameworks.
• Familiarity with patch management, system hardening, and configuration management tools and processes.
• Working knowledge of Linux, Windows, and macOS environments, including OS-level security controls.
• Understanding of networking protocols, firewalls, and network security best practices.
• Experience with compliance frameworks such as PCI-DSS, SOC II, or ISO 27001.
• Strong analytical and problem-solving skills, with the ability to assess complex environments and identify potential exposures.
• Excellent communication skills, with the ability to convey technical risk to both technical and non-technical stakeholders.
• Ability to manage multiple projects and tasks in a dynamic, fast-paced environment.

What’s in it for you:

• Competitive compensation, benefits and generous time-off policies
• 4-Day summer work weeks and a winter holiday break
• 401(k)/DCPP matching
• Annual bonus program
• Casual, dog-friendly, and innovative office spaces
• For a comprehensive list of benefits, please visit our website: https://jobs.jobvite.com/carfax/p/benefits

Don’t just take our word for it:

• 10X Virginia Business Best Places to Work
• 10X Washingtonian Great Places to Work
• 9X Washington Post Top Workplace
• St.Louis Post-Dispatch Best Places to Work