IT Engineer, Vulnerability Scanning Engineer

University of Maryland Division of Information Technology   College Park, MD   Full-time     Information Services / Technology (IT)
Posted on September 12, 2022
Apply Now
Position title: IT Engineer, Vulnerability Scanning Engineer
Position #: 127693

The Vulnerability Scanning Engineer works within the IT Security office of the Division of Information Technology (DIT) to lead the campus vulnerability management program. This position will investigate and implement new and different ways to improve and automate the vulnerability management lifecycle including but not limited to data ingestion & normalization, compliance metrics, and detections on IT systems. This position will maintain the campus vulnerability scanning environment to scan on-premise and cloud-based IT systems and will perform scheduled and ad-hoc vulnerability scans to comply with campus mandates, regulatory needs, and help determine the impact of newly discovered vulnerabilities to campus. This position will work closely with business and technical systems owners to understand their systems’ risks and develop remediation plans to resolve discovered vulnerabilities. This position will produce metrics and dashboards to demonstrate the risk reduction to IT systems from a successful vulnerability management program.

Minimum qualifications
  • Bachelor’s Degree or equivalent combination of education, technical certifications, and training, or work experience.
  • A minimum of three years of experience in information security, primarily focused on vulnerability scanning and vulnerability management
  • Experience with one or more of the following programming languages – Perl, Python, PHP, or PowerShell
  • Experience with vulnerability scanning tools such as Rapid7 Nexpose, Nessus, Tenable, Nmap
  • Experience with open source penetration testing tools such as Metasploit, Burp Suite, sqlmap, Bloodhound
Knowledge, Skills, and Abilities:
  • Understanding of a variety of technical concepts with a focus on cloud computing, automation, networking, systems administration, application development, and information security best practices
  • Understanding the techniques and goals of cyber-attackers
  • Able to effectively communicate about highly technical issues with technical and non-technical audiences
  • Understanding the concepts around Windows, Linux, macOS X system administration
    • A minimum of six years of broad experience in the field of IT
    • Experience as a Windows or Unix system administrator especially with Active Directory and utilizing patch management solutions
    • Experience in IT controls monitoring for regulatory and compliance requirements like PCI-DSS, NIST 800-171, HIPAA
    • Experience leading a vulnerability management program
    • Experience supporting security in cloud-based environments
    • Experience supporting cybersecurity in a Higher Education IT environment


Preferred Knowledge, Skills, and Abilities:
  • Proficiency with scripting languages (Python, Perl, Ruby, etc)
Preferred Certification:
  • Holds a profession certification such as GEVA, GPEN, GSEC, GCIH, CySA+, CEH, OSCP
Additional information: 
Benefits Included:


Salary range is $105,000 – $125,000.

**This position does not provide sponsorship for Visas.
Physical demands: 
Predominantly operates in an office environment and requires the ability to operate standard office equipment and keyboards. Must have the ability to lift and small carry parcels, packages, and other items and to walk short distances.

Best consideration date: 09/30/2022 or open until filled

Please apply at:

Vaccine protocol: The University of Maryland has made the safety of our students, faculty and staff, and our surrounding communities a top priority. As part of that commitment, the University System of Maryland (USM) recently announced that students, faculty, and staff on USM campuses this fall, including UMD, are required to be vaccinated against COVID. As a prospective and/or a new employee at UMD, you will be required to comply with the University’s vaccination protocol. Proof of full vaccination will be required before the start of employment in order to work at any University of Maryland location. Prospective or new employees may seek a medical or religious exemption to the vaccination requirement at and must have an approved exemption prior to the start of their employment. Failure to provide proof of vaccination or to obtain approval for a medical or religious exemption will result in the offer of employment being rescinded.
Background Check: Offers of employment are contingent on completion of a background check. Information reported by the background check will not automatically disqualify you from employment.