Job Description
- Position Overview:
- We are seeking a detail-oriented and proactive technical individual to support vulnerability monitoring and remediation efforts across Solventum Catalyst environments in StateRAMP, FedRAMP, and Commercial accounts.
- This role is critical to maintaining our security posture and ensuring compliance with StateRAMP, FedRAMP, SOC-2 and our internal Solventum ATO (Authority To Operate) process.
- The contractor will work closely with the Catalyst Site Reliability Engineering team to identify, assess, and remediate vulnerabilities using a variety of tools.
- The ideal candidate will have hands-on experience with Linux-based operating systems, AWS services and vulnerability management tools.
- Position Duties:
- Monitor vulnerabilities using JIRA and vulnerability management tools such as, but not limited to, Qualys VMDR/WAS/PC, Insight Cloud Sec, CheckMarx, Nexus IQ
- It may be necessary to manually run reports to verify that remediation efforts were successful
- Ensure compute replacement and patching processes are working as expected; monitor and remediate any issues with:
- Automated Lambda assigning latest AMI IDs
- Automated Auto-Scaling Group EC2 replacement via scheduled scaling or instance refresh
- Automated Patch Management for long-running non-ephemeral instances
- Review reports for failures; identify and remediate issues
- Review AWS maintenance window for failure details; resolve/test/commit changes as needed
- Manually update AWS EKS AMI assignment and nodegroup replacement; will automate process in the future
- Assist with software deployments and upgrades. These may include, but are not limited to:
- Solventum application upgrades
- Unmanaged third-party application upgrades
- Managed AWS service (RDS, MSK, etc.) upgrades
- Remediate vulnerabilities within SLA (Service Level Agreement) guidelines
- Manually remediate vulnerabilities that aren't addressed with automated processes above
- Delegate Qualys WAS (DAST), CheckMarx (SAST) and Nexus IQ (SCA) vulnerabilities to development teams in a timely manner
- Gather evidence to document compliance with certification programs like StateRAMP, FedRAMP, SOC-2 and Solventum's ATO (Authority To Operate)
- Skills:
- Basic Qualifications:
- Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience
- Technical Experience
- Proficiency in AWS services: EC2, EKS, ASG, Lambda, RDS, MSK
- Linux operating system administration and package management
- Security & Compliance Knowledge
- Understanding of vulnerability remediation workflows
- Familiarity with compliance frameworks: StateRAMP, FedRAMP, SOC-2
- Ability to interpret and act on vulnerability reports
- Preferred Qualifications:
- Hands-on experience with vulnerability management tools like Qualys VMDR, WAS, PC; CheckMarx; Nexus IQ; Insight Cloud Sec
- Currently or previously held FedRAMP clearance or the ability to pass background check to work in FedRAMP environment
- Soft Skills:
- Team Collaboration
- Strong team player with the ability to work cross-functionally with DevOps, Security, and Development teams.
- Willingness to share knowledge and support others in troubleshooting and remediation efforts.
- Communication
- Excellent written and verbal communication skills.
- Ability to clearly document findings, remediation steps, and compliance evidence.
- Problem Solving
- Analytical mindset with a proactive approach to identifying and resolving issues.
- Comfortable working independently and managing multiple priorities under tight deadlines.
Core Hours: 8 hours per day, Monday - Friday; occasionally, work after business hours may be needed to complete upgrades or patches.
Education: Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience