Cybersecurity Engineer III

Job Description

Make a difference. Be happy. Grow your career.

The Role The Cybersecurity Engineer III supports the enterprise Cybersecurity program with a primary focus on combined Vulnerability Management and Red Team operations. This role is responsible for identifying, validating, and prioritizing security weaknesses through continuous vulnerability assessment, penetration testing, and adversary emulation activities. The position requires the ability to work independently with moderate supervision, collaborate across technical and business teams, and clearly communicate security risks and remediation guidance. The Cybersecurity Engineer III provides operational information security support to the enterprise, acting as a technical resource for infrastructure, application, and business teams.

This role works closely with Blue Team/SOC, Infrastructure Services, Application Development, Risk Management, and Internal Audit to improve the organization’s security posture through coordinated offensive and defensive security activities. The position conducts and documents vulnerability assessments, penetration tests, and red team engagements across networks, systems, applications, and cloud environments.

Assignments vary in scope and complexity and may include targeted testing, assumed breach scenarios, and validation of security controls. The Cybersecurity Engineer III identifies security risks, analyzes findings within the context of business impact, and provides actionable remediation recommendations. The role requires consistent documentation of methods, evidence, and conclusions so results can be reproduced and understood by both technical and non-technical stakeholders.

Key Responsibilities Execute and support enterprise vulnerability management activities including scanning, validation, risk scoring, prioritization, and remediation tracking. Conduct penetration testing and red team activities against networks, endpoints, applications, and cloud services to simulate real-world adversary techniques. Collaborate with Blue Team and SOC resources during purple team exercises to improve detection, response, and prevention capabilities.

Validate the effectiveness of security controls and compensating controls through hands-on testing and adversary emulation. Develop and maintain tools, scripts, and techniques to support automated and manual security testing.

Analyze vulnerabilities and exploitation paths, clearly articulating risk, likelihood, and potential business impact. Provide detailed technical reports and executive-level summaries of findings, including clear remediation guidance and risk-based prioritization. Support continuous improvement of vulnerability management processes, metrics, and reporting.

Partner with infrastructure, application, and cloud teams to support secure design, remediation validation, and architecture reviews. Stay current on emerging threats, attack techniques, exploitation frameworks, and defensive countermeasures. Participate in incident response activities by providing exploitation analysis, attacker tradecraft insights, and root-cause validation as needed.

Support compliance and risk management efforts by mapping findings to applicable frameworks and standards (e. g. , NIST, PCI-DSS, HIPAA, SOC 2).

Participate in on-call or after-hours activities as required to support testing, remediation validation, or incident response. Skills and Experience 6+ years of relevant experience in cybersecurity, vulnerability management, penetration testing, or red team operations. Hands-on experience with vulnerability scanning tools, exploitation frameworks, and manual testing techniques.

EWJD3