Senior Vulnerability Management Engineer
Date Posted
Today
Remote Work Level
Hybrid Remote
Location
Hybrid Remote in Tacoma, WA
Job Schedule
Full-Time
Salary
$118,560 - $166,920 Annually
Benefits
Health Insurance, Dental Insurance, Vision Insurance, Retirement Savings, Education Assistance, Disability, Paid Holidays, Paid Illness Leave, Paid Time Off, Career Development
Categories
Cyber Security, System Administrator, Tech Support, Product Manager, Project Manager
About the Role
Title: Senior Vulnerability Management Engineer
Location: WA-Tacoma
Salary: $118,560.00 - $166,920.00 Annually
Location: Tacoma, WA
Job Type: Non-Classified
Remote Employment: Flexible/Hybrid
Job Number: T0330-25A
Department: Power
Position Description
Are you passionate about safeguarding critical infrastructure and operational systems from cyber threats? Are you looking to join a mission-driven team that values collaboration, technical excellence, and public service? If so, Tacoma Power invites you to explore this exciting opportunity!
We are seeking a highly skilled Senior Vulnerability Management Engineer to join our Cybersecurity Operations team within the Utility Technology Services (UTS) section. This position is classified as Information Technology Security Analyst, Senior. This pivotal role serves as a technical leader within TPU’s cybersecurity team, supporting the mission to safeguard enterprise IT and operational technology (OT) systems, including critical infrastructure, operational systems, and sensitive data from evolving cyber threats. This position plays a key role in proactively identifying, assessing, and mitigating vulnerabilities across TPU’s IT and OT environments.
This role leads the design, implementation, and continuous improvement of TPU’s Vulnerability Management Program, including the configuration and tuning of vulnerability scanning tools, coordination of remediation activities with system owners and administrators, and integration of vulnerability intelligence into risk-based decision-making. The engineer ensures vulnerabilities are prioritized and remediated in alignment with business impact, exploitability, and regulatory requirements.
As a subject matter expert in vulnerability assessment, secure configuration, and endpoint protection practices, this position contributes to system and application hardening, supports secure architecture reviews, and advises on remediation and risk mitigation strategies. The engineer also plays a key role in maintaining the health and effectiveness of security platforms that enable vulnerability detection, endpoint detection and response (EDR), asset visibility, and configuration compliance across TPU’s hybrid IT/OT infrastructure.
Through mentorship of junior engineers and analysts, oversight of vulnerability lifecycle processes, and ownership of assigned NERC-CIP compliance responsibilities, this position supports the resilience and compliance of TPU’s essential services. This position directly influences the maturity and effectiveness of the cybersecurity operations program and strengthens TPU’s ability to manage risk and remain secure in the face of evolving threats.
Job Responsibilities:
- Lead TPU’s Vulnerability Management (VM) Program: Identify and implement program and process areas for improvement, and revise annually or in response to new organizational, threat, and compliance-driven requirements to drive continual improvement of the VM Program, ensuring vulnerability-related risk is visible, prioritized, and effectively managed by the organization.
- Operate and maintain VM tools: Conduct vulnerability scans across IT and OT systems, analyze and validate results, maintain scanning tools, and create tickets for system owners. Communicate with VM Program stakeholders and consult on appropriate remediation strategies.
- Cybersecurity incident response: Support analysts and stakeholders in investigating alerts and contributing to active incident response processes using tools such as SIEM, EDR, and threat intelligence platforms.
- Procedure Development & Process Improvement: Drive program maturity by supporting regular updates to cybersecurity team plans, and procedure updates based on program data, industry best practices, and the cybersecurity strategic roadmap.
- Mentor and guide team members: Conduct informal coaching, shadowing, peer reviews, and feedback to build team capability, enhance knowledge transfer, and support succession planning.
- Develop and maintain internal documentation: Improve and maintain VM Plan, technical processes, and best practices guides to promote consistency, preserve institutional knowledge, and provide reference material that improves long-term team efficiency.
- Collaborate with stakeholders: Communicate with internal teams and business units during investigations to gather context, validate findings, and coordinate remediation and incident resolution.
- Support Regulatory Compliance (NERC-CIP): Maintain assigned CIP responsibilities by supporting documentation, audit readiness, and evidence gathering to ensure compliance with security standards.
Qualifications
Minimum Education*
Bachelor's degree in information technology, cybersecurity or directly related field
*Equivalency: 1 year of experience = 1 year of education
Minimum Experience*
4 years of progressively responsible information technology experience related to assignment
Licensing, Certifications and Other Requirements
Security+ or related certification (GIAC GCIA, GIAC GCIH, CISSP)
As Assigned:
Washington State Driver's License
Depending on assignment, some positions may require the ability to pass additional background checks and/or obtain additional certifications, with maintenance thereafter
Knowledge & Skills
The ideal candidate thrives in a collaborative environment and works effectively as part of a cross-functional team supporting both enterprise IT systems and operational technology (OT) environments such as ICS and SCADA. The candidate should possess the following skills and certifications:
- Expertise with Vulnerability Management platforms (e.g., Rapid7, Qualys, Nessus).
- Expertise with SIEM platforms (e.g., LogRhythm, Splunk)
- Experience managing and tuning EDR and application control platforms (e.g., Carbon Black, CrowdStrike)
- Experience in vulnerability management work, including performing vulnerability assessments and remediation coordination.
- Experience in conducting security investigations and incident response activities.
- Strong understanding of MITRE ATT&CK, threat modeling, and TTP analysis.
- Familiarity with scripting and automation (e.g., Python, PowerShell).
- Strong communication, collaboration, and customer service skills.
- Incident response leadership in enterprise environments.
- Certifications: Security+, GIAC GCIA, GIAC GCIH, or equivalent.
- Experience with NERC-CIP and other regulatory cybersecurity standards.
Compensation & Benefits
Pay Details:
Annual Salary: $118,560.00 - $166,920.00
Employee Benefits | City of Tacoma
Tacoma Power
Tacoma Power is an almost 100% hydroelectric, municipally-owned public power utility, located in Tacoma. We serve approximately 180,000 customers as one of the three operating divisions of Tacoma Public Utilities, alongside Tacoma Water and Tacoma Rail. As one of the most livable, walkable cities in the country, you'll find that Tacoma is a great fit for all interests with places to bike, run, hike, and explore, the perks of a big city, and the charm of a small town. We welcome you to take a look at our website and discover how the City of Tacoma can make your next career move part of our combined destiny:
City of Tacoma’s Commitment to Diversity, Equity, and Inclusion
A Commitment to Equity & Diversity
At the City of Tacoma, we're on a mission to make our workforce as diverse and inclusive as the community we serve. We actively seek out candidates from a wide range of backgrounds and cultures. Join our team at the City of Tacoma and help us build a more vibrant, inclusive, and equitable community for all.
If you have a less traditional background, we want to hear about your transferrable skills and experience. We value a variety of perspectives and are excited to see what you bring to the table.
The Community
Tacoma is centrally located just 32 miles south of the city of Seattle and 31 miles north of the state capital, Olympia. The City of Tacoma is also home to the Port of Tacoma, which is among the largest container ports in the United States. Like most cities in the northwest, Tacoma is surrounded by beautiful nature, offering residents many opportunities for outdoor adventures.
Largely suburban in nature with a small, but dense, urban core, Tacoma is home to numerous institutes of higher learning that attract students from across the country. The University of Washington Tacoma, Pacific Lutheran University, University of Puget Sound, a satellite campus of the Evergreen State College, three community/technical colleges, and several trade and business schools are within Tacoma's geographic area. Downtown's Cultural District is the site of the Washington State History Museum, Museum of Glass, the Tacoma Art Museum, and America's Car Museum.
With its affordable housing and distinctive neighborhoods and business districts, the city has been recognized numerous times as a best city to live in the nation. To see a few of the great things Tacoma has to offer, view this YouTube Video!
Application Process
Interested individuals should apply online by completing the application and attaching a resume and cover letter by the closing date and time listed on the job announcement. Applications received without attaching the required materials may not progress in the selection process. Applicants who have the strongest backgrounds related to the responsibilities of this position may be invited to participate in the interview process, which may include a work problem. Appointment is subject to passing a background check.
Get Assistance
Communication with the City of Tacoma
We primarily communicate via email during the application process. Emails from Tacoma.gov and/or governmentjobs.com should be placed on your safe domain list to ensure that you receive notifications in a timely manner. As a precaution, you may also want to check your junk email folders.
Note: The provisions of this job announcement do not constitute an expressed or implied contract. Any provision contained herein may be modified and/or revoked