ServiceNow Vulnerability Response Engineer

Northern Virginia

Job Title: ServiceNow Vulnerability Response Engineer

Position Summary

The ServiceNow Vulnerability Response (VR) Engineer is responsible for designing, implementing, and optimizing the Bureau's Enterprise Vulnerability Management Program (VMP) through the ServiceNow Security Operations platform. This role supports the engineering and enhancement of the Vulnerability Response (VR) application, integrating vulnerability data sources, automating remediation workflows, and improving enterprise vulnerability reporting.

The ideal candidate possesses deep experience with ServiceNow Security Operations, particularly the Vulnerability Response (VR) module, and understands how vulnerability management integrates with Security Incident Response (SIR), Governance, Risk, and Compliance (GRC), Configuration Management Database (CMDB), and enterprise security operations. This individual will collaborate with cybersecurity, infrastructure, application, and business stakeholders to ensure vulnerabilities are prioritized, tracked, remediated, and reported effectively using risk-based methodologies and automation.

Key Responsibilities

ServiceNow Vulnerability Response Engineering

  • Configure, administer, and enhance the ServiceNow Vulnerability Response (VR) application within the ServiceNow Security Operations platform.
  • Design and implement workflows that improve vulnerability identification, prioritization, assignment, remediation, and reporting.
  • Develop and maintain integrations between ServiceNow VR and enterprise vulnerability scanning platforms.
  • Configure business rules, workflows, forms, notifications, dashboards, and reporting to support vulnerability management operations.
  • Continuously improve platform functionality to increase operational efficiency and automation.

Enterprise Vulnerability Management

  • Support the organization's Enterprise Vulnerability Management Program (VMP) by improving vulnerability lifecycle management.
  • Integrate vulnerability findings from multiple scanning tools into ServiceNow to provide centralized visibility and workflow management.
  • Support risk-based vulnerability prioritization based on exploitability, business criticality, asset value, and operational impact.
  • Collaborate with remediation teams to ensure vulnerabilities are tracked through closure and validated appropriately.
  • Develop vulnerability reporting metrics and executive dashboards supporting organizational risk management.

Security Operations & GRC Integration

  • Support integration between ServiceNow Vulnerability Response (VR), Security Incident Response (SIR), Governance, Risk, and Compliance (GRC), CMDB, and other ServiceNow modules.
  • Coordinate with Security Operations, Risk Management, Compliance, and Infrastructure teams to improve operational workflows.
  • Ensure vulnerability management processes align with enterprise governance and cybersecurity policies.
  • Assist in documenting vulnerability management procedures and operational processes.

Automation & AI

  • Implement automation capabilities that improve vulnerability ingestion, enrichment, prioritization, and remediation workflows.
  • Utilize AI-enabled capabilities to identify high-risk vulnerabilities based on exploitability, threat intelligence, and business impact.
  • Research emerging automation and AI technologies that improve vulnerability management effectiveness and scalability.
  • Recommend workflow improvements that reduce manual effort and accelerate remediation activities.

Reporting & Continuous Improvement

  • Develop executive-level vulnerability reporting, operational dashboards, and compliance metrics.
  • Monitor program performance and recommend enhancements to vulnerability management processes.
  • Analyze trends to identify recurring weaknesses and opportunities to improve organizational security posture.
  • Maintain documentation supporting platform configuration, integrations, workflows, and operational procedures.

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field.
  • 5+ years of experience supporting enterprise Vulnerability Management Programs.
  • Extensive hands-on experience with:
    • ServiceNow Security Operations
    • ServiceNow Vulnerability Response (VR)
    • ServiceNow Security Incident Response (SIR)
    • ServiceNow Governance, Risk, and Compliance (GRC)
  • Experience integrating enterprise vulnerability scanners (such as Tenable, Qualys, Rapid7, or Microsoft Defender Vulnerability Management) with ServiceNow.
  • Strong understanding of vulnerability lifecycle management, remediation workflows, and risk-based prioritization.
  • Experience configuring ServiceNow workflows, dashboards, reporting, business rules, and automation.
  • Knowledge of vulnerability scoring methodologies, including CVSS, exploitability metrics, and business impact analysis.
  • Strong understanding of enterprise cybersecurity operations and vulnerability management best practices.
  • Excellent analytical, troubleshooting, and communication skills.

Preferred Qualifications

  • ServiceNow Certified System Administrator (CSA)
  • ServiceNow Certified Implementation Specialist – Vulnerability Response (CIS-VR)
  • ServiceNow Certified Implementation Specialist – Security Incident Response (CIS-SIR)
  • ServiceNow Certified Application Developer (CAD)
  • CISSP (Certified Information Systems Security Professional)
  • Experience supporting federal government cybersecurity programs.
  • Familiarity with AI-enabled vulnerability prioritization and automated remediation capabilities.
  • Experience integrating ServiceNow with enterprise CMDB, ITSM, and Security Operations platforms.

Knowledge, Skills, and Abilities

  • Deep knowledge of ServiceNow Security Operations, particularly Vulnerability Response (VR) and Security Incident Response (SIR).
  • Strong understanding of Governance, Risk, and Compliance (GRC) processes and their relationship to vulnerability management.
  • Ability to design scalable vulnerability management workflows that improve operational efficiency and accountability.
  • Experience developing executive dashboards, vulnerability reporting, and risk metrics.
  • Strong understanding of vulnerability scanning technologies, remediation processes, and enterprise risk management.
  • Ability to automate vulnerability workflows and improve operational maturity using ServiceNow capabilities.
  • Excellent collaboration skills with cybersecurity, infrastructure, compliance, application, and business teams.
  • Ability to translate business and operational requirements into effective ServiceNow security solutions.

 

 

Compensation & Benefits

  • Competitive salary
  • Employer-paid health insurance premiums (medical, dental, vision)
  • Employer-paid short/long term disability insurance and basic life/AD&D insurance
  • 401K with a 4% employer contribution
  • Professional development reimbursement options available (training, certification, education, etc.)
  • Flexible and remote work policies for most positions
  • Paid Time Off (PTO) at a rate of three (3) weeks plus one (1) day per year of service up to four (4) weeks annually
  • 11 paid holidays per calendar year

At SIXGEN, we are committed to fair and equitable compensation practices. The anticipated salary range for this role is $100,000 - $155,000 per year, depending on experience and qualifications. This range reflects our compensation philosophy, which takes into account various factors including the candidate's relevant experience, education, skills, LCAT rates and position level, and market competitiveness. In addition to base salary, employees may be eligible for other forms of compensation, including our growth incentive program, incentives, and benefits. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Please note that this range is subject to change and should be considered a guideline rather than a definitive figure.

We are committed to fostering an inclusive culture that values diversity in our people, reflecting the communities we serve and our customer base. We strive to attract and retain a diverse talent pool and create an environment where everyone is empowered to be their authentic selves at work.

SIXGEN is an Equal Opportunity Employer. We ensure that all applicants are considered for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, age, marital status, ancestry, protected veteran status, or any other protected group or class.

 
