Job Title: Vulnerability Operations Engineer
Location: Hybrid; Charlotte, NC or New York, NY
Contract length: 6 months then conversion
Schedule: Fulltime, 40 hrs/week
Pay: $75/hr to $80/hr

Job Overview:
Our client's cybersecurity department is seeking a Vulnerability Operations Engineer. This role will own the engineering layer of our vulnerability management operations: the integrations, pipelines, dashboards, and AI-assisted workflows that turn raw tool output into actionable, business-unit-specific insight. This role exists to relieve operational concentration risk on the vulnerability management function and to deliver visible AI-driven productivity gains across the security program. This is a hybrid on-site position, with a requirement to be in office three times per week.

Job Responsibilities:

• Integration and automation across the security tooling stack, including data normalization, deduplication, and enrichment pipelines
• AI-assisted reporting pipelines that transform tool output into business-unit-specific narratives for monthly metric reviews, replacing manual report assembly
• LLM-integrated workflows for alert triage, vulnerability summarization, remediation guidance generation, and finding prioritization
• Evaluation, prototyping, and operationalization of emerging AI security tools--including agentic testing platforms and AI-driven offensive security tooling--with clear, evidence-based recommendations on what to adopt
• Ownership of the technical infrastructure behind monthly business unit metric reviews--dashboards, data quality, and the pipeline from tool to executive-ready output
• Partnership with the vulnerability management lead to encode operational knowledge into automation, reducing single-person dependency on the function
• Contributing to the AI governance posture for security operations--documenting prompts, model selection, validation approaches, and human-in-the-loop checkpoints

• 5+ years in a security engineering, detection engineering, SOAR, or security automation role with significant production coding responsibility
• Strong Python skills, with demonstrated experience building integrations against REST APIs, working with structured data at scale, and shipping code to production
• Hands-on experience with at least two of the following: Tenable, CrowdStrike, Wiz, Qualys, Rapid7, Splunk, or equivalent enterprise security platforms
• Practical experience integrating LLMs into production workflows--direct API usage (Anthropic, OpenAI, or equivalent), prompt engineering for production reliability, and an understanding of failure modes including hallucination, prompt injection, and cost management
• Comfortable working in CI/CD, infrastructure-as-code, and modern cloud environments
• Clear written communication--capable of producing internal documentation, runbooks, and executive-ready summaries

• Experience with agent frameworks (LangChain, LlamaIndex, or equivalent) and with retrieval-augmented generation patterns applied to security data
• Background in SOAR development (Tines, Torq, Cortex XSOAR, Splunk SOAR) or detection-as-code workflows
• Familiarity with the security tooling vendor landscape and ability to make pragmatic build-vs-buy recommendations
• Prior work in a multi-tenant or multi-business-unit environment where data isolation and per-tenant reporting matter
• Exposure to AI security risks--prompt injection, model abuse, data leakage--and approaches to mitigating them in production systems