CoalfireCO

Senior ConMon Engineer

Coalfire is a cybersecurity advisor that helps private and public-sector organizations avert threats, close gaps, and effectively manage risk. They provide independent, tailored advice, assessments, technical testing, and cyber engineering services to help clients develop scalable programs that improve their security posture and achieve business objectives.

Coalfire

Employee count: 1001-5000

Salary: 86k-148k USD

United States only

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

We’re looking for a Senior Continuous Management Engineer to lead and enhance vulnerability management processes, driving compliance and security in cloud-based environments. If you’re driven by a desire to innovate, excel at operational excellence, and thrive in a collaborative environment, come be part of a team committed to making the world a safer place.

What You'll Do

  • Provide senior-level oversight for enterprise vulnerability management tools (for example, Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring they remain updated and fully operational
  • Lead the execution of regular and on-demand scans across a variety of environments (operating systems, databases, web applications, containers), then collaborate with technical teams (for example, SRE and client administrators) to prioritize and remediate vulnerabilities
  • Serve as a key point of contact for monthly reporting on open vulnerabilities, vendor dependencies, and operational requirements, delivering clear data-driven updates to clients
  • Offer strategic, risk-based recommendations to improve vulnerability posture, aligning remediation with organizational and compliance objectives
  • Work closely with cross-functional teams to refine and integrate vulnerability management processes in cloud environments (AWS, Azure, GCP)
  • Enhance internal standards, processes, and documentation for vulnerability management, including training materials, standard operating procedures, and best practices
  • Lead or support security assessment and authorization initiatives to ensure adherence to compliance frameworks such as FedRAMP, HITRUST, and PCI

What You'll Bring

  • 5–7 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles
  • Extensive background in managing vulnerabilities across operating systems, databases, networks, containers, web applications, and APIs
  • Experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP, with a proven track record of integrating tools into cloud workflows
  • Involvement with at least one compliance framework (for example, FedRAMP, HITRUST, PCI), contributing to security assessments and risk-based reporting
  • Demonstrated success producing periodic vulnerability status reports, ensuring timely remediation efforts and accountability across multiple stakeholders
  • Advanced administrative understanding of AWS, Azure, or GCP
  • Strong expertise in vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS)
  • Excellent communication, organizational, and documentation skills, with the ability to convey technical findings and remediation plans to both internal teams and clients
  • Demonstrated ability to coordinate and influence technical teams, fostering collaboration for effective vulnerability mitigation
  • Proficiency in scripting (for example, Python, PowerShell) for automating tasks and scaling vulnerability management solutions
  • Familiarity with defining and enforcing baseline configuration standards (for example, CIS Benchmarks) and presenting compliance findings
  • Professional/Expert level certifications in Azure or AWS or GCP
  • Security-focused cloud certifications for Azure or AWS or GCP

Bonus Points

  • Security+
  • CISSP
  • Terraform

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at [email protected].

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Senior

Salary

Salary: 86k-148k USD

Location requirements

Hiring timezones

United States +/- 0 hours

About Coalfire

Learn more about Coalfire and their company culture.

View company profile

Coalfire's customers operate in a world where cyber threats are constantly evolving and the security of their digital assets is paramount. Many organizations struggle to navigate the complex landscape of cybersecurity and compliance, facing challenges such as managing vulnerabilities, meeting stringent regulatory requirements like FedRAMP, PCI, HITRUST, ISO, SOC, and CMMC, and securing their cloud environments. This is why Coalfire provides a comprehensive suite of cybersecurity and compliance services, designed to help businesses avert threats, close security gaps, and effectively manage cyber risk. Our customers need to ensure their operations are secure and compliant so they can focus on their core business objectives and drive innovation. We partner with them to develop scalable security programs that not only improve their security posture but also fuel their continued success. Whether it's through independent and tailored advice, thorough assessments, technical testing, or cyber engineering services, Coalfire empowers clients to understand the vulnerabilities and threats their organization faces.

Our clients, which include Fortune 500 companies, cloud service providers, and organizations in sectors like technology, healthcare, finance, and retail, are looking for ways to simplify compliance, reduce risk, and keep their businesses secure. Coalfire addresses these needs by offering expert advisory for global Governance, Risk, and Compliance (GRC) frameworks, a range of cybersecurity services including penetration testing and threat and vulnerability management, and compliance automation through our proprietary platforms. We understand that for many, especially those migrating to or operating in the cloud, the journey can be complex. That's why we offer specialized services like our Accelerated Cloud Engineering (ACE) to help clients deploy FedRAMP-compliant environments efficiently. Our focus on DevSecOps platforms and services aims to integrate security into the development lifecycle, supporting numerous AppSec projects. By providing solutions and services to some of the largest hyperscale Cloud Service Providers and leading SaaS companies, we help our customers leverage security and compliance to their advantage, enabling them to innovate and differentiate themselves in the market.

Claim this profileCoalfire logoCO

Coalfire

View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

24 remote jobs at Coalfire

Explore the variety of open remote roles at Coalfire, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Coalfire

Remote companies like Coalfire

Find your next opportunity by exploring profiles of companies that are similar to Coalfire. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 85,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan