Senior Exposure Management Engineer, IS Security, Days, Fully Remote

Responsibilities

The Sr Exposure Management Engineer leads the development of risk-based exposure models and the integration of vulnerability, asset and detection telemetry across Norton Healthcare’s hybrid environment. This role creates prioritization logic, automates workflows, correlates threat intelligence with asset data, and works with engineering and detection teams to reduce real-world risk. The engineer evaluates vulnerabilities through a threat-informed lens, incorporating asset criticality, exploitability, detection coverage and business impact. The Sr Exposure Management Engineer drives automation, enhances asset intelligence, supports incident response with exposure context, and advances the maturity of the exposure management program.

** This position offers a fully remote work opportunity. Employees in this role must reside in one of the following states to be considered for fully remote positions: Kentucky, Indiana, Missouri, Ohio, Tennessee, Alabama, Virginia, Mississippi, North Carolina, South Carolina**

Qualifications

Required

•

With a Bachelor degree - Five years of experience in cybersecurity vulnerability management, detection engineering or threat intelligence, with demonstrated experience correlating exposure data across multiple platforms. Strong understanding of vulnerability scoring systems (CVSS, EPSS), exploit data sources, asset classification, detection telemetry and hybrid infrastructure. Experience with automation, scripting or data modeling (Python, PowerShell, KQL, or similar).

•

Without a Bachelor degree - Seven years of the above.

Desired

•

Seven years of experience in cybersecurity vulnerability management, detection engineering or threat intelligence, with demonstrated experience correlating exposure data across multiple platforms. Strong understanding of vulnerability scoring systems (CVSS, EPSS), exploit data sources, asset classification, detection telemetry and hybrid infrastructure. Experience with automation, scripting or data modeling (Python, PowerShell, KQL, or similar).

•

SC-100, GSOA or GOSI, CISSP, Relevant vendor or platform certifications.

The Sr Exposure Management Engineer leads the development of risk-based exposure models and the integration of vulnerability, asset and detection telemetry across Norton Healthcare's hybrid environment. This role creates prioritization logic, automates workflows, correlates threat intelligence with asset data, and works with engineering and detection teams to reduce real-world risk. The engineer evaluates vulnerabilities through a threat-informed lens, incorporating asset criticality, exploitability, detection coverage and business impact. The Sr Exposure Management Engineer drives automation, enhances asset intelligence, supports incident response with exposure context, and advances the maturity of the exposure management program.

** This position offers a fully remote work opportunity. Employees in this role must reside in one of the following states to be considered for fully remote positions: Kentucky, Indiana, Missouri, Ohio, Tennessee, Alabama, Virginia, Mississippi, North Carolina, South Carolina**

Required

•

With a Bachelor degree - Five years of experience in cybersecurity vulnerability management, detection engineering or threat intelligence, with demonstrated experience correlating exposure data across multiple platforms. Strong understanding of vulnerability scoring systems (CVSS, EPSS), exploit data sources, asset classification, detection telemetry and hybrid infrastructure. Experience with automation, scripting or data modeling (Python, PowerShell, KQL, or similar).

•

Without a Bachelor degree - Seven years of the above.

Desired

•

Seven years of experience in cybersecurity vulnerability management, detection engineering or threat intelligence, with demonstrated experience correlating exposure data across multiple platforms. Strong understanding of vulnerability scoring systems (CVSS, EPSS), exploit data sources, asset classification, detection telemetry and hybrid infrastructure. Experience with automation, scripting or data modeling (Python, PowerShell, KQL, or similar).

•

SC-100, GSOA or GOSI, CISSP, Relevant vendor or platform certifications.