Vulnerability Management Engineer
Brickell Plaza-Corp, United States
Full Time Senior-level / Expert USD 80K - 132K
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.
Your Journey Starts Here:
Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. We are committed to creating an environment where continuous learning and development are prioritized, enabling you to thrive both professionally and personally. Here, you will find ample opportunities to connect and collaborate with talented colleagues from around the world, sharing insights and driving innovation together. Join us at Santander, where you are supported by a culture of engagement and a commitment to your success.
An exciting journey awaits. If you are interested in exploring the possibilities, we want to talk to you!
Position Summary:
The Vulnerability Management Engineer develops and maintains the enterprise vulnerability management lifecycle and scanning strategy to proactively identify and address security risks. Integrates security testing throughout the software development lifecycle (SDLC) across both waterfall and agile environments to ensure secure application delivery. Provides strategic security guidance and escalation support for business-critical initiatives and change requests, aligning security governance with organizational priorities.
The Vulnerability Management Engineer reports to the Chief Information Security Officer - CISO.
Position Duties / Responsibilities
Vulnerability Management
• Develop and maintain the enterprise vulnerability management lifecycle and scanning strategy.
• Schedule and perform authenticated and unauthenticated vulnerability scans (ad hoc and periodic).
• Analyze scan results, prioritize vulnerabilities using CVSS and threat intelligence, and coordinate timely remediation.
• Align scan coverage with Configuration Management Database (CMDB) and asset inventory.
• Generate actionable reports and track metrics to demonstrate risk reduction and remediation progress.
• Continuously tune scanning processes and tools to improve accuracy and efficiency.
Application Security Testing
• Integrate security testing into the Software Development Lifecycle (SDLC) across waterfall and agile environments.
• Conduct Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Work with development and DevOps teams to remediate vulnerabilities found in source code, APIs, and open-source components.
• Define secure coding requirements and conduct code reviews for critical applications.
• Support threat modeling and secure design reviews for new applications and services.
Strategic and Governance Responsibilities
• Provide security guidance and escalation support for business-critical initiatives and change requests.
• Perform risk assessments and control gap analyses against internal security policies and frameworks (e.g., NIST CSF, ISO/IEC 27001).
• Support audits, regulatory reviews (e.g., SOX, GLBA), and related governance activities.
• Collaborate with global and local Information Security and IT teams to align vulnerability and application security standards.
• Develop and report meaningful KPIs/KRIs related to vulnerability and application security.
• Other duties as assigned or requested by immediate supervisor.
Education:
Bachelor’s degree required or equivalent experience
Business Experience:
5 - 6 years of relevant experience or demonstrated required level of proficiency
Specialized and/or Technical Knowledge:
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or equivalent practical experience.
• Hands-on experience with tools like Qualys, Nessus, Burp Suite, Fortify, Veracode, or similar platforms.
• Familiarity with CI/CD pipelines and integrating security testing tools into DevOps workflows.
• Solid understanding of operating systems (Windows, Linux), networking, and databases (Oracle, SQL Server).
• Knowledge of regulatory and security frameworks such as NIST, ISO 27001, OWASP, and PCI DSS.
• Experience with systems management tools (e.g., SCCM, Red Hat Satellite) and service management tools like ServiceNow.
• Strong analytical mindset with the ability to solve complex problems under pressure.
• Demonstrated ability to lead cross-functional initiatives with a high sense of accountability.
• High level of accuracy and attention to detail.
• Proficiency with Microsoft Excel, PowerPoint, Word, and Python.
• Excellent communication skills, written and verbal.
• Ability to work independently as well as collaboratively within a team environment.
Languages:
English, required. Spanish is a plus.
Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
Working Conditions: Frequent minimal physical effort such as sitting, standing and walking. Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds and able to bend, kneel, and climb ladders.
Employer Rights: This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
What Else You Need To Know:
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Base Pay Range
Minimum: $80,625.00 USD
Maximum: $132,500.00 USD
Link to Santander Benefits:
Santander Benefits - 2025 Santander OnGoing/NH eGuide (foleon.com)
Risk Culture:
We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.
EEO Statement:
At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
Working Conditions:
Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.
Employer Rights:
This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.
What To Do Next:
If this sounds like a role you are interested in, then please apply.
We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.
Tags: Agile APIs Application security Audits Burp Suite CI/CD CISO Computer Science CVSS DAST DevOps GLBA Governance ISO 27001 KPIs Linux Nessus NIST Oracle OWASP PCI DSS Python Qualys Red Hat Risk assessment Risk management SAST SDLC SOX SQL SQL Server Strategy Threat intelligence Veracode Vulnerabilities Vulnerability management Vulnerability scans Windows
Perks/benefits: Career development