Track Lead - Qualys

Job Summary

The Lead Engineer is responsible for leading application-level vulnerability remediation identified through Qualys and Wiz.io. This role owns prioritization, remediation strategy, execution oversight, and audit readiness for application patching activities. OS patching is managed by Marsh Tech.

Job Title Lead Engineer – Application Patching & Vulnerability Remediation Role Summary The Lead Engineer is responsible for leading application-level vulnerability remediation identified through Qualys and Wiz.io. This role owns prioritization, remediation strategy, execution oversight, and audit readiness for application patching activities. OS patching is managed by Marsh Tech.

• Key Responsibilities• Lead and manage the application vulnerability backlog, prioritizing oldest and highest severity issues.
• Oversee planning, testing (non prod), and deployment of application patches and configuration fixes• Act as primary point of coordination with application owners, engineering teams, and security teams for code-level or complex remediations.
• Govern and approve change requests, ensuring remediation evidence and proper closure.
• Ensure vulnerability tracking tools and remediation dashboards are accurate and audit-ready• Maintain and continuously improve runbooks, playbooks, and remediation standards.
• Provide guidance and oversight to engineers handling application patching activities Required Skills & Experience• Strong experience leading application patching and vulnerability remediation initiatives.
• Hands-on expertise with Qualys and/or Wiz.io vulnerability findings.
• Solid knowledge of application architectures, dependencies, and security vulnerabilities.
• Strong understanding of ITSM / Change Management processes and tools (e.g., Service Now).
• Proven ability to lead cross functional remediation efforts and drive closure.Preferred\• Knowledge of OWASP Top 10• Experience supporting security audits and compliance reviews• Previous technical or security leadership experience

Key Responsibilities

• Key Responsibilities • Lead and manage the application vulnerability backlog, prioritizing oldest and highest severity issues.
• Oversee planning, testing (non prod), and deployment of application patches and configuration fixes.
• Act as primary point of coordination with application owners, engineering teams, and security teams for code-level or complex remediations.
• Govern and approve change requests, ensuring remediation evidence and proper closure.
• Ensure vulnerability tracking tools and remediation dashboards are accurate and audit-ready.
• Maintain and continuously improve runbooks, playbooks, and remediation standards.
• Provide guidance and oversight to engineers handling application patching activities.

Skill Requirements

• Strong experience leading application patching and vulnerability remediation initiatives.
• Hands-on expertise with Qualys and/or Wiz.io vulnerability findings.
• Solid knowledge of application architectures, dependencies, and security vulnerabilities.
• Strong understanding of ITSM / Change Management processes and tools (e.g., Service Now).
• Proven ability to lead cross functional remediation efforts and drive closure.

Other Requirements

Preferred • Knowledge of OWASP Top 10 • Experience supporting security audits and compliance reviews • Previous technical or security leadership experience