Vulnerability Management Engineer

About G2 - The Company

G2 is the world's largest and most trusted software marketplace. When you join G2, you’re joining the industry’s leading team that helps businesses reach their peak potential by powering decisions and strategies with trusted insights from real software users.

Now, we have joined forces with Capterra, SoftwareAdvice, and GetApp to create the largest source of online data and software insights to fuel intelligent buying in the age of AI. With 200M+ combined annual visitors and 6M verified reviews, we are now the centralized place to enable software buyers to make better and faster decisions with confidence.

And we are just getting started! We are setting out to transform the global B2B software industry and become the most trusted data foundation for buyers and sellers of software for the age of AI.

Does that sound exciting to you? Come join us as we try to reach our next PEAK!

About G2 - Our People

At G2, everything we are and what we do is grounded in our PEAK values— (Performance + Entrepreneurship + Authenticity + Kindness. Working at G2 means you are part of a value-driven, growing global community that climbs PEAKs together. We cheer for each other’s successes, learn from our mistakes, and support and lean on one another during challenging times. With ambition and entrepreneurial spirit we push each other to take on challenging work, which will help us all to grow and learn.

You will be part of a global, diverse team of smart, dedicated, and kind individuals - each with unique talents, aspirations, and life experiences. At the heart of our community and culture are our people-led ERGs, which celebrate and highlight the diverse identities of our global team. As an organization, we are intentional about our DEI and philanthropic work (like our G2 Gives program) because it encourages us all to be better people.

About The Role

The Vulnerability Management Engineer is responsible for identifying, prioritizing, and coordinating remediation of security vulnerabilities across infrastructure, Kubernetes workloads, applications, and SaaS platforms. This role ensures risk-based vulnerability management and supports continuous improvement through integration with SAST, SCA, and CI/CD tools.

In This Role, You Will: 

•  Responsibility Area: Vulnerability Identification & Assessment

• Administer and operate vulnerability scanning tools (e.g.,Hackerone, Cobalt, Invicti, AWS Inspector) to detect weaknesses in cloud, Kubernetes, endpoint, and application environments (25%)

• Perform scheduled and ad-hoc scans across infrastructure, container images, and SaaS platforms, including runtime security checks within K8s clusters (15%)

• Correlate scan results with threat intelligence, SBOM data, and business context to prioritize vulnerabilities for remediation (10%)

• Investigate platform vulnerabilities including critical SaaS platforms and make recommendations on remediation. Test and validate remediation or compensating control.

Responsibility Area: Remediation Coordination & Risk Communication

• Collaborate with platform, DevOps, and application teams to drive timely remediation using ticketing systems (e.g., Jira) and automation pipelines (20%)

• Track vulnerabilities across SaaS platforms, K8s workloads, container images, and IaC, integrating results from SAST and SCA tools into unified dashboards (10%)

• Conduct regular review sessions with engineering teams to validate fixes, discuss SLA adherence, and refine remediation playbooks (5%)

Responsibility Area: Tool Integration & Program Maturity

• Integrate vulnerability scanning tools and alerts into CI/CD pipelines using SAST/SCA platforms (e.g., Snyk, GitHub Advanced Security, Checkmarx) (10%)

• Enhance coverage of container and Kubernetes vulnerabilities using tools such as Trivy, Anchore, or Prisma Cloud (3%)

• Support compliance and audit processes by documenting vulnerability management controls and producing evidence of remediation activities (2%)

Minimum Qualifications:

We realize applying for jobs can feel daunting at times. Even if you don’t check all the boxes in the job description, we encourage you to apply anyway. 

•  3–5 years of experience in vulnerability management or security engineering roles

• Hands-on experience with vulnerability scanners (e.g. Invicti, AWS Inspector, Github dependabot, Cobolt, Hackerone) and container/K8s security tools (e.g., Trivy, Aqua, Prisma Cloud)

• Strong knowledge of CVSS scoring, risk-based prioritization, and security controls in cloud-native ecosystems

• Familiarity with SAST/SCA tools such as Snyk, GitHub Advanced Security, or Checkmarx

• Experience managing vulnerabilities across cloud platforms (AWS, GCP, or Azure), Linux/Windows, and third-party SaaS

Preferred:

• Experience integrating vulnerability management into DevOps pipelines and using IaC scanning tools

• Familiarity with ticketing and workflow systems like Jira, ServiceNow, and security orchestration tools

• Security certifications such as Security+, Kubernetes Security Specialist (CKS), or vendor-specific tool certs

Our Commitment to Inclusivity and Diversity

At G2, we are committed to creating an inclusive and diverse environment where people of every background can thrive and feel welcome. We consider applicants without regard to race, color, creed, religion, national origin, genetic information, gender identity or expression, sexual orientation, pregnancy, age, or marital, veteran, or physical or mental disability status. Learn more about our commitments here. 

--

For job applicants in California, the United Kingdom, and the European Union, please review this applicant privacy notice before applying to this job.

How We Use AI Technology in Our Hiring Process
G2 incorporates AI-powered technology to enhance our candidate evaluation process. These tools may assist with initial application screening, skills assessment analysis, and identifying candidates whose qualifications align with specific role requirements. While AI technology supports our recruitment workflow, all final hiring decisions remain under human oversight and judgment.

Your Choice Matters: If you would prefer that your application be reviewed without AI assistance, you can opt out by entering your email address in the email entry field at the bottom of the Automated Processing Legal Notice. Choosing to opt out will not disadvantage your application in any way—we will ensure your materials receive a thorough manual review by our hiring team.
For additional details about how we handle your information throughout the application process, please review G2's Applicant Privacy Notice.