<p>Starr Insurance Companies is a leading insurance and investment organization, providing commercial property and casualty insurance, including travel and accident coverage, to almost every imaginable business and industry in virtually every part of the world.</p> <p>Cornelius Vander Starr established his first insurance company in Shanghai, China in 1919. Today, we are one of the world's fastest growing insurance organizations, capable of writing in 128 countries on 6 continents.</p> <p>Position Summary</p> <p>We are seeking a highly skilled Vulnerability Management & Response Engineer for our enterprise vulnerability management program. This role is responsible for driving the identification, assessment, prioritization, and remediation of vulnerabilities across on-premises and cloud environments, ensuring risk-informed decisions and alignment with regulatory obligations including 23 NYCRR Part 500, GLBA, and NIST 800-40.</p> <p>You will work cross-functionally with Infrastructure, Development, Risk, and Compliance teams to maintain continuous coverage, meet remediation SLAs, and improve vulnerability management maturity through automation, reporting, and governance. The ideal candidate brings both deep technical experience and strong process and communication skills, along with a passion for driving operational security improvements at scale.</p> <p>Key Responsibilities</p> <ul> <li>Triage, assignment, and validation of vulnerability remediation tasks. </li><li>Maintain and enforce SLA-based remediation timelines (e.g., 7 days for Critical, 30 days for High). </li><li>Integrate vulnerability scanning and remediation workflows with SCCM, Intune, SOAR, SIEM, and ticketing systems. </li><li>Conduct quarterly reconciliation of scanner output with CMDB and asset inventories. </li><li>Maintain an auditable exception register with documented risk assessments and expiration controls. 
</li><li>Produce vulnerability metrics and reports (weekly, monthly, quarterly, and annually). </li><li>Facilitate quarterly working sessions to review SLA drift, backlog, and tool-to-tool integrations. </li><li>Support annual internal audit and regulatory review of VM program. </li><li>Provide thought leadership in improving vulnerability detection, automation, and remediation pipelines using Infrastructure as Code (IaC) practices. </li></ul> <p>Required Qualifications</p> <ul> <li>5+ years of hands-on experience in vulnerability management, security engineering, or similar role. </li><li>Strong experience with Tenable.io, Microsoft Defender for Endpoint, or other industry-standard scanning tools. </li><li>Deep understanding of vulnerability scoring systems (CVSS), threat intelligence correlation, and risk-based prioritization. </li><li>Experience leading or contributing to patching strategies using SCCM, Intune, or similar tools. </li><li>Familiarity with GRC and compliance frameworks (e.g., 23 NYCRR 500, NIST 800-40, CIS Controls, ISO/IEC 27001). </li><li>Strong documentation and process improvement skills. </li><li>Proven ability to collaborate across technical and non-technical teams. </li></ul> <p>Preferred Qualifications</p> <ul> <li>Experience with Terraform, CloudFormation, or other Infrastructure as Code (IaC) tools. </li><li>Experience integrating VM tools with SOAR, SIEM, or ticketing platforms like Remedyforce or ServiceNow. </li><li>Knowledge of container security, cloud-native security controls (Azure, AWS, GCP), and API-based vulnerability exposure. </li><li>Exposure to CMDB reconciliation and asset discovery in dynamic environments. </li><li>Experience presenting technical risk summaries to executive or audit stakeholders. 
</li></ul> <p>Starr is an equal opportunity employer, which means we'll consider all suitably qualified applicants regardless of gender identity or expression, ethnic origin, nationality, religion or beliefs, age, sexual orientation, disability status or any other protected characteristic. We recruit and develop our people based on merit and we're committed to creating an inclusive environment for all employees. We offer first class training and development opportunities to all employees. Our aim is to grow our own talent and bring out the best in people.</p>