Job Specifications
Overview:
The Security Engineer II - Threat and Vulnerability is responsible for identifying, assessing, and mitigating security risks across our environments. This role emphasizes detecting vulnerabilities, ensuring secure configurations, and driving remediation efforts to strengthen the firm’s overall security posture. The Security Engineer II leverages technical expertise, automation, and programming skills to improve the efficiency and accuracy of vulnerability detection, reporting, and response processes.
Responsibilities:
• Research, analyze, and evaluate emerging threats, vulnerabilities, and exploits across on-premises and cloud environments.
• Monitor and correlate threat intelligence feeds to identify relevant tactics, techniques, and procedures (TTPs).
• Apply frameworks such as MITRE ATT&CK, OWASP, and CVSS to assess severity, exploitability, and business impact.
• Identify, assess, and manage vulnerabilities across cloud platforms such as AWS, Azure, or GCP, including misconfigurations and exposed services.
• Utilize CSPM and CWPP tools like Prisma Cloud, Defender for Cloud, and Wiz to detect, track, and report vulnerabilities.
• Collaborate with cloud, DevOps, and IT teams to remediate vulnerabilities and integrate security controls into infrastructure and pipelines.
• Implement and maintain secure configuration standards across servers, endpoints, databases, network devices, and cloud resources.
• Perform regular configuration audits and compliance checks using frameworks such as CIS Benchmarks, NIST 800-53, and DISA STIGs.
• Develop and maintain automation scripts or integrations in Python, PowerShell, Bash, or JavaScript to streamline scanning, reporting, and data correlation.
• Integrate vulnerability management tools with SIEM, SOAR, and ticketing systems via APIs to improve workflow efficiency.
• Create dashboards and data visualizations to enhance threat visibility and remediation tracking.
• Track and verify remediation progress, ensuring alignment with defined SLAs, risk priorities, and compliance requirements.
• Communicate technical findings, risks, and remediation guidance clearly to both technical and non-technical stakeholders.
Qualifications:
• Advanced understanding of the security control environment, such as access control, logging, authentication, encryption, integrity, etc.
• Demonstrated experience managing vulnerabilities in both on-premises and cloud environments.
• Experience coordinating corporate-wide initiatives for obtaining security-related assurances.
• Familiarity with federal and state legal and regulatory requirements related to information security.
• Understand the advanced tenets of security risk management and defense-in-depth practices.
• The ability to combine pieces of information to form general rules or conclusions.
About the Company
In St. Louis, there’s no better source for IT staffing than SyllogisTeks. We’ll put the right professional on the job, whether you need a short-term consultant or a direct hire employee. Our areas of expertise include business analysis, infrastructure management, information security, programming, systems administration and more. SyllogisTeks provides a wide variety of IT staffing opportunities at a diverse set of customers ranging from Fortune 500 to small and medium sized businesses located in the St. Louis area and beyond...