Threat and Vulnerability Management Engineer

Recruitment Fraud Alert

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.  

What to know:

• Commvault does not conduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com 

About Commvault 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

Threat & Vulnerability Management Engineer

The Opportunity:

We are seeking a highly motivated Threat and Vulnerability Management Engineer to join our Information Security team. This individual will be part of the people, processes and technologies involved in aiding the Global Security program’s efforts to further the company’s strategic positioning with regards to Information Security. This role is critical in identifying, analyzing, and mitigating security threats and vulnerabilities across the enterprise. The ideal candidate will have a strong technical background, analytical mindset, and a passion for staying ahead of emerging threats. This individual will be responsible to work with cross functional teams and subject matter experts to assess risk, prioritize remediation efforts, and enhance the organization’s overall security posture.

 What you’ll do…

• Perform regular vulnerability assessments using industry-standard tools and methodologies across on-premises and cloud environments.
• Collaborate with IT, development, and business teams to validate findings and recommend remediation strategies.
• Monitor and report on the status of vulnerabilities, including tracking remediation progress and risk reduction metrics.
• Assist in the development and maintenance of vulnerability management policies, procedures, and standards.
• Support incident response activities by providing context and analysis related to vulnerabilities and threat indicators.
• Stay current with emerging threats, vulnerabilities, and security technologies to proactively identify risks.
• Contribute to security awareness initiatives by educating stakeholders on common vulnerabilities and mitigation strategies.
• Ensure transparency and visibility of team effectiveness through metrics, reporting, and communication with management and stakeholders.
• Continuous learning of security threat landscape and processes to protect the enterprise.
• Experience supporting regulatory compliance initiatives (e.g., FedRAMP, PCI-DSS, SOC2) by implementing controls to address compliance requirements and providing evidence to auditors/regulators
• Experience with developing/documenting Vulnerability Management processes and playbooks
• Ability to analyze large datasets and experience with data visualization/reporting tools (e.g., Splunk, Tableau, Excel)
• Familiarity with utilizing one or more scripting languages (e.g., Bash, Python, PowerShell) to automate vulnerability management activities such as scanner tool maintenance, data analysis, vulnerability triaging and remediation efforts
• Ability to analyze, validate, and evaluate a vulnerability to determine an appropriate risk prioritized severity.
• Provide technical remediation recommendations such as supporting patch deployment planning, authoring scripts, or providing specific configuration/code changes

Who you are?

• 2–4 years of experience in cybersecurity, with a focus on vulnerability management.
• Hands-on operational experience with managing vulnerability scanning tools such as Tenable, Qualys, Rapid7, or similar.
• Familiarity with threat frameworks (MITRE ATT&CK, CVSS, etc.).
• Strong understanding of operating systems, networking, and cloud platforms (AWS, Azure, GCP).
• Excellent analytical and problem-solving skills, with the ability to utilize APIs and scripting for task automation.
• Effective communication skills to convey technical findings to non-technical stakeholders.
• Relevant certifications such as Security+, CEH, GSEC, or equivalent are a plus

 You’ll love working here because...

• Continuous professional development, product training, and career pathing
• Annual health check-ups, Tuition Reimbursement
• An inclusive company culture, an opportunity to join our Community Guilds
• Personal accident cover and Term life cover

Ready to #makeyourmark at Commvault? Apply now!

#LI-VK