Job Description

- Tenable Engineer

Position Overview

We are seeking a highly skilled Tenable Engineer to own and drive our enterprise vulnerability management program. The ideal candidate will be responsible for administering and optimising Tenable platforms, enabling risk-based vulnerability detection, reporting, and remediation in alignment with industry best practices and compliance frameworks.

Key Responsibilities

1. Vulnerability Management & Tenable Platform Ownership

Act as the primary administrator of Tenable.io, Tenable.sc, and Nessus platforms. Design, implement, and optimise scanning across servers, endpoints, network gear, OT/IoT, and cloud workloads. Maintain and update scan templates, connectors, and credential sets for accurate vulnerability detection. Continuously tune scanning profiles to reduce false positives and improve detection accuracy. Ensure comprehensive coverage of CVE, zero-day vulnerabilities, and configuration weaknesses.

2. Risk Analysis & Reporting

Analyse vulnerability data, prioritising based on CVSS scores, exploitability, and business impact. Develop frameworks for risk-based prioritisation to drive efficient remediation. Deliver actionable dashboards and reports to executives, SOC teams, and auditors. Translate technical vulnerabilities into business risk language for non-technical stakeholders.

3. Remediation & Collaboration

Collaborate with IT Ops, DevOps, Cloud, and Application teams to drive remediation. Track patching, compensating controls, and configuration hardening initiatives. Validate remediation efforts through re-scans and compliance verification. Escalate unresolved high-risk vulnerabilities to leadership.

4. Security Operations Integration

Support incident response for vulnerabilities under active exploitation. Align processes with compliance frameworks (e.g., MAS TRM, ISO 27001, NIST CSF, PCI-DSS, CIS Controls). Develop and maintain standard operating procedures, workflows, and playbooks.

5. Continuous Improvement & Future-Readiness

Proactively evaluate emerging vulnerabilities (e.g., Log4Shell, ProxyShell) and coordinate urgent responses. Integrate threat intelligence into vulnerability management decisions. Support adoption of cloud-native scanning tools (AWS Inspector, Azure Defender). Explore automation opportunities for patching, validation, and reporting.

Key Performance Indicators (KPIs)

Coverage: % of systems, endpoints, and cloud workloads actively scanned. Accuracy: Reduction in false positives and false negatives. Time-to-Remediate (TTR): Average time to remediate high/critical vulnerabilities. Compliance: Alignment with regulatory standards and audit readiness. Reporting: Timeliness and accuracy of executive-level dashboards and risk reports. Collaboration: Effectiveness in driving cross-team remediation initiatives. * Response Agility: Speed of addressing zero-day or high-profile vulnerabilities.