System Security Engineer

Company Description

Cignitix Global is a leading IT consulting and workforce fulfillment firm, providing services to both top businesses and government organizations. With over 5 years of experience, Cignitix Global has helped clients achieve their strategic objectives through innovative solutions. The company is renowned for its strong culture, clear values, and commitment to excellence, making it a market leader and a desirable place to work.

Security Engineer (Tenable / Purview)

DETAILS

Location: Remote

Position Type: 6M Contract (w/ likely extensions)

W2 position

JOB SUMMARY

Vaco is currently seeking a Security Engineer (Tenable / Purview) for a 6M Contract opportunity that is 100% remote. The Security Engineer (Tenable / Purview) must possess strong expertise in Tenable Vulnerability Management to address urgent patching, tooling cleanup, and remediation needs by the end of March, including hands-on work to stabilize and operationalize the vulnerability management process for repeatability and efficiency. The Security Engineer (Tenable / Purview) will also provide more broad information security engineering support across multiple 2025 roadmap projects involving security tooling, including MS Purview initiatives encountering issues that require attention and 2+ Trellix SIEM-related initiatives. The Security Engineer (Tenable / Purview) will work closely and collaboratively with internal leads to supplement the existing team capacity rather than replace skill gaps. The ideal Security Engineer (Tenable / Purview) must be capable of making a quick impact on Tenable-focused priorities while contributing to Purview and other security areas.

• Tenable Platform Engineering – Design / Deploy Enterprise Tenable Scanning Templates / Credentialed Scan Configurations / Custom Plugins to Achieve 95%+ Asset Coverage / Reduce False Positives by 30%+
• Vulnerability Remediation Automation – Build Automated Remediation Workflows in Tenable One Triggering ServiceNow Tickets / Patch Orchestration (SCCM / InTune) / Risk-Based Exception Approval Routing
• Vulnerability Reporting / Governance – Create Executive-Level Vulnerability Dashboards / Trend Reports Quantifying Risk Reduction / Mean-Time-to-Remediate / Compliance Posture for Leadership Reviews
• Purview DLP Optimization – Lead Root-Cause Analysis / Configuration Remediation for MS Purview DLP / Sensitivity Labeling Policies Generating Excessive Alerts or Blocking Legitimate Workflows
• Data Protection Architecture – Architect / Implement MS Purview Information Protection Solutions | Auto-Labeling / Endpoint DLP / Encryption at REST Aligned with 2025 Data Classification and Regulatory Requirements
• SIEM / Detection Engineering – Develop / Tune Trellix SIEM Correlation Rules / Use-Case Playbooks / SOAR Automations Integrating Tenable Vulnerability Data With Purview Audit Logs
• Security Platform Integration – Drive API-Level Integrations Across Tenable / MS Purview / Trellix SIEM / ITSM / Identity Platforms to Enable Closed-Loop Remediation
• Knowledge Transfer / Documentation – Deliver Hands-On Workshops and Develop Operational Runbooks to Enable Internal Teams to Sustain Vulnerability Management / Purview Operations

JOB REQUIREMENTS

• Vulnerability Management Platform – Tenable One (Tenable.io) | Asset Discovery / Policy Creation / Plugin Customization / API Automation / Tenable Lumin Exposure Scoring
• Scanning Infrastructure – Tenable Nessus Scanners (OnPrem / Cloud) / Nessus Agent Deployment at Scale
• SIEM / Security Analytics – Trellix SIEM / Helix (Rule Authoring / Dashboard Creation / Log Source Onboarding / SOAR Playbook Development)
• Automation – PowerShell / Python for Tenable API Automation / Purview Policy Deployment / SIEM Enrichment
• Identity Security – MS Entra ID (Conditional Access / PIM / Identity Protection Features)
• Security Integrations – RESTful API Integration Across Platforms (Tenable / Purview Graph API / Trellix API)
• ITSM Integration – ServiceNow for Vulnerability Ticket Lifecycle Automation
• Risk Scoring / Prioritization (knowledge) – Vulnerability Scoring Frameworks (CVSS 4.0 / EPSS / CISA KEV) / Risk-Based Prioritization Methodologies

PREFERRED (not required)

• Data Security / Compliance – MS Purview Compliance / Risk Suite (DLP / Sensitivity Labeling / Auto-Labeling / Information Protection [MIP] / Insider Risk Management / Purview Audit)
• Purview Policy Deployment
• Root-Cause Analysis / Configuration Remediation for MS Purview DLP