• Senior Vulnerability Management Engineer

    City of Tacoma WA (Tacoma, WA)


    

     

    Senior Vulnerability Management Engineer

     

    Salary

     

    $118,560.00 - $166,920.00 Annually

     

    Location

     

    Tacoma, WA

     

    Job Type

     

    Non-Classified

     

    Remote Employment

     

    Flexible/Hybrid

     

    Job Number

    T0330-25A

    Department

     

    Power

     

    Division

     

    Power - Utility Technology Services

     

    Opening Date

     

    11/04/2025

     

    Closing Date

     

    11/18/2025 5:00 PM Pacific

     

    + Description

    + Benefits

    + Questions

    Position Description

    Are you passionate about safeguarding critical infrastructure and operational systems from cyber threats? Are you looking to join a mission-driven team that values collaboration, technical excellence, and public service? If so, Tacoma Power invites you to explore this exciting opportunity!

     

    We are seeking a highly skilled Senior Vulnerability Management Engineer to join our Cybersecurity Operations team within the Utility Technology Services (UTS) section. This position is classified as Information Technology Security Analyst, Senior. This pivotal role serves as a technical leader within TPU’s cybersecurity team, supporting the mission to safeguard enterprise IT and operational technology (OT) systems, including critical infrastructure, operational systems, and sensitive data from evolving cyber threats. This position plays a key role in proactively identifying, assessing, and mitigating vulnerabilities across TPU’s IT and OT environments.

     

    This role leads the design, implementation, and continuous improvement of the TPU’s Vulnerability Management Program, including the configuration and tuning of vulnerability scanning tools, coordination of remediation activities with system owners and administrators, and integration of vulnerability intelligence into risk-based decision-making. The engineer ensures vulnerabilities are prioritized and remediated in alignment with business impact, exploitability, and regulatory requirements.

     

    As a subject matter expert in vulnerability assessment, secure configuration, and endpoint protection practices, this position contributes to system and application hardening, supports secure architecture reviews, and advises on remediation and risk mitigation strategies. The engineer also plays a key role in maintaining the health and effectiveness of security platforms that enable vulnerability detection, endpoint detection and response (EDR), asset visibility, and configuration compliance across TPU’s hybrid IT/OT infrastructure.

     

    Through mentorship of junior engineers and analysts, oversight of vulnerability lifecycle processes, and ownership of assigned NERC-CIP compliance responsibilities, this position supports the resilience and compliance of TPU’s essential services. This position directly influences the maturity and effectiveness of the cybersecurity operations program and strengthens TPU’s ability to manage risk and remain secure in the face of evolving threats.

    Job Responsibilities:

    + Lead TPU’s Vulnerability Management (VM) Program: Identify and implement program and process areas for improvements, and revise annually or in response to new organizational, threat, and compliance-driven requirements to drive continual improvement of the VM Program, ensuring vulnerability-related risk is visible, prioritized, and effectively managed by the organization.

    + Operate and maintain VM tools: Conduct vulnerability scans across IT and OT systems, analyze and validate results, maintain scanning tools, and create tickets for system owners. Communicate with VM Program stakeholders, consult on appropriate remediation strategies.

    + Cybersecurity incident response: Support analysts and stakeholders in investigating alerts and contributing to active incident response processes using tools such as SIEM, EDR, and threat intelligence platforms.

    + Procedure Development & Process Improvement: Drive program maturity by supporting regular updates to cybersecurity team plans, and procedure updates based on program data, industry best practices, and the cybersecurity strategic roadmap.

    + Mentor and guide team members: Conduct informal coaching, shadowing, peer reviews, and feedback to build team capability, enhance knowledge transfer, and support succession planning.

    + Develop and maintain internal documentation: Improve and maintain VM Plan, technical processes, and best practices guides to promote consistency, preserve institutional knowledge, and provide reference material that improves long-term team efficiency.

    + Collaborate with stakeholders: Communicate with internal teams and business units during investigations to gather context, validate findings, and coordinate remediation and incident resolution.

    + Support Regulatory Compliance (NERC-CIP): Maintain assigned CIP responsibilities by supporting documentation, audit readiness, and evidence gathering to ensure compliance with security standards.

    Qualifications

    Minimum Education*

    Bachelor's degree in information technology, cybersecurity or directly related field

    *Equivalency: 1 year of experience = 1 year of education

    Minimum Experience*

    4 years of progressively responsible information technology experience related to assignment

     

    Licensing, Certifications and Other Requirements

     

    Security+ or related certification (GIAC GCIA, GIAC GCIH, CISSP)

    As Assigned:

    Washington State Driver's License

     

    Depending on assignment, some positions may require the ability to pass additional background checks and / or obtain additional certifications, with maintenance thereafter

     

    Knowledge & Skills

     

    The ideal candidate thrives in a collaborative environment and works effectively as part of a cross-functional team supporting both enterprise IT systems and operational technology (OT) environments such as ICS and SCADA. The candidate should possess the following skills and certifications:

     

    + Expertise with Vulnerability Management platforms (e.g., Rapid7, Qualys, Nessus).

    + Expertise with SIEM platforms (e.g., LogRhythm, Splunk)

    + Experience managing and tuning EDR and application control platforms (e.g., Carbon Black, CrowdStrike)

    + Experience in vulnerability management work, including performing vulnerability assessments and remediation coordination.

    + Experience in conducting security investigations and incident response activities.

    + Strong understanding of MITRE ATT&CK, threat modeling, and TTP analysis.

    + Familiarity with scripting and automation (e.g., Python, PowerShell).

    + Strong communication, collaboration, and customer service skills.

    + Incident response leadership in enterprise environments.

    + Certifications: Security+, GIAC GCIA, GIAC GCIH, or equivalent.

    + Experience with NERC-CIP and other regulatory cybersecurity standards.

     

    Selection Process & Supplemental Information

     

    This recruitment is being managed by Kye Merritt, if you would like to be notified of similar opportunities or stay connected with things going on at Tacoma Public Utilities and the City of Tacoma, connect with me on LinkedIn (https://www.linkedin.com/in/kyemerritt/) !

     

    Compensation & Benefits

    Pay Details:

    Annual Salary: $118,560.00 - $166,920.00

     

    Employee Benefits | City of Tacoma (https://tacoma.gov/government/departments/human-resources/employee-benefits/)

    Tacoma Power

    Tacoma Power (https://www.linkedin.com/company/tacoma-power/) is an almost 100% hydroelectric, municipally-owned public power utility, located in Tacoma. We serve approximately 180,000 customers as one of the three operating divisions of Tacoma Public Utilities, alongside Tacoma Water and Tacoma Rail. As one of the most livable, walkable cities in the country, you'll find that Tacoma is a great fit for all interests with places to bike, run, hike, and explore, the perks of a big city, and the charm of a small town. We welcome you to take a look at our website and discover how the City of Tacoma can make your next career move part of our combined destiny:

     

    http://www.cityoftacoma.org/

     

    https://www.mytpu.org/

     

    http://www.traveltacoma.com/

    City of Tacoma’s Commitment to Diversity, Equity, and Inclusion

    A Commitment to Equity & Diversity

     

    At the City of Tacoma, we're on a mission to make our workforce as diverse and inclusive as the community we serve. We actively seek out candidates from a wide range of backgrounds and cultures. Join our team at the City of Tacoma and help us build a more vibrant, inclusive, and equitable community for all.

     

    If you have a less traditional background, we want to hear about your transferrable skills and experience. We value a variety of perspectives and are excited to see what you bring to the table.

     

    The Community

     

    Tacoma is centrally located just 32 miles south of the city of Seattle and 31 miles north of the state capital, Olympia. The City of Tacoma is also home to the Port of Tacoma, which is among the largest container ports in the United States. Like most cities in the northwest, Tacoma is surrounded by beautiful nature, offering residents many opportunities for outdoor adventures.

     

    Largely suburban in nature with a small, but dense, urban core, Tacoma is home to numerous institutes of higher learning that attract students from across the country. The University of Washington Tacoma, Pacific Lutheran University, University of Puget Sound, a satellite campus of the Evergreen State College, three community/technical colleges, and several trade and business schools are within Tacoma's geographic area. Downtown's Cultural District is the site of the Washington State History Museum, Museum of Glass, the Tacoma Art Museum, and America's Car Museum.

     

    With its affordable housing and distinctive neighborhoods and business districts, the city has been recognized numerous times as a best city to live in the nation. To see a few of the great things Tacoma has to offer, view this YouTube Video!

     

    View this exciting video to learn more about the City of Tacoma: https://www.youtube.com/watch?v=2n5MWl8KFvI

     

    Application Process

     

    Interested individuals should apply online by completing the application and attaching a resume and cover letter by the closing date and time listed on the job announcement. Applications received without attaching the required materials may not progress in the selection process. Applicants who have the strongest backgrounds related to the responsibilities of this position may be invited to participate in the interview process, which may include a work problem. Appointment is subject to passing a background check.

     

    Get Assistance

     

    For assistance with the application process or questions regarding this job announcement please contact the Human Resources office at (253) 591-5400 by 4:00 p.m. of the closing date of the job announcement.

     

    For technical difficulties using the NEOGOV system, call the applicant support line at 1-855-524-5627 between 6:00a.m. and 5:00 p.m. Pacific Standard Time. This will allow us to assist you before the job announcement closes.

     

    Communication with the City of Tacoma

     

    We primarily communicate via email during the application process. Emails from Tacoma.gov and/or governmentjobs.com should be placed on your safe domain list to ensure that you receive notifications in a timely manner. As a precaution, you may also want to check your junk email folders.

     

    Note: The provisions of this job announcement do not constitute an expressed or implied contract. Any provision contained herein may be modified and/or revoked without notice.

     

    The City of Tacoma provides excellent medical, dental and vision plans for the whole family; paid holidays and paid leave; participation in the Tacoma Employees' Retirement System (alternate plan for Police/Fire); continuing education and advancement opportunities and a growing variety of City-sponsored health and wellness opportunities and incentives.

     

    Medical Coverage: For eligible employees and their families, including domestic partners and dependent children age 26 or younger.

     

    Dental Coverage: For eligible employees and their families, including domestic partners and dependent children age 26 or younger.

     

    Vision Coverage: For eligible employees and their eligible dependents.

     

    Paid Leave: City employees are entitled to received paid holidays, sick/vacation leave or personal time off (PTO), depending upon union affiliation and appointment type.

     

    Insurance Plans: Employees are covered by a long-term disability plan. Short-term and expanded long-term disability insurance plans are also available to employees. The State Industrial Insurance Act also covers employees.

     

    Deferred Compensation: Income can be set aside on a pretax basis and invested for supplementation of normal retirement income.

     

    Retirement: All employees of the City, except members of the Police and Fire services, Tacoma Rail and certain project employees, are included in the Tacoma Employees' Retirement System. Information on the Tacoma Employees' Retirement System can be found at www.cityoftacoma.org or by calling (253) 502-8200.

     

    Other Employment Information

     

    Direct Deposit: Employees are paid on a bi-weekly schedule by direct deposit.

     

    Salary Increases: Based on satisfactory job performance, the City provides for a regular progression of salary increases for most classifications according to the salary schedule.

     

    Union Affiliation: Many job classifications are covered by union security provisions which require union membership, dues, or payment of equivalent service fees.

     

    Note: The provisions of this job announcement do not constitute an expressed or implied contract. Any provision contained herein may be modified and/or revoked without notice.

     

    01

     

    Do you have a Bachelor's degree in degree in information technology or directly related field (such as computer science) or a combination of equivalent education and experience? *Equivalency: 1 year of experience = 1 year of education

     

    + Yes

    + No

     

    02

     

    Do you have 4 years or more of progressively responsible information technology experience related to assignment?

     

    + Yes

    + No

     

    03

     

    One of the City's Principles that guides us is Equity. Describe what equity means to you and describe any experience you have working with diverse groups of people.

     

    04

     

    Please tell us how you learned about this job opening.

     

    + Job Interest Card notification

    + Internet search

    + Professional organization

    + Community organization

    + Military organization

    + Union job posting

    + City of Tacoma employee

    + Online job board posting

    + Word of mouth

    + Other

     

    05

     

    Please provide specific information regarding how you learned about this job opening. Thank you, your feedback will be used to evaluate our success reaching the public and refine our methods for future job postings.

    Required Question

    Employer

     

    City of Tacoma

     

    Address

     

    Human Resources Department 747 Market Street Tacoma, Washington, 98402-3764

     

    Phone

     

    253-591-5400

     

    Website

     

    http://www.tacoma.gov

     

    Apply

     

    Please verify your email address Verify Email