Vulnerability Management Consultant

Job Description

Vulnerability Management Consultant:
On behalf of our consulting client, Procom is searching for a Vulnerability Management Consultant for a 6 month contract role. This position is a remote position located in Toronto, Ontario, Canada.

Vulnerability Management Consultant - Job Description:
We are seeking an experienced contractor to enhance its vulnerability management program and external attack surface management capabilities. This role involves managing the end-to-end vulnerability lifecycle and expanding external ASM visibility across the client’s global infrastructure.

Vulnerability Management Consultant - Responsibilities:
• Operate and maintain the client’s enterprise VM program across on-premise, cloud (AWS, Azure), and hybrid infrastructure
• Configure and optimize scanning coverage, credentialing, and policy in the designated VM platform (Tenable, Qualys, or Rapid7)
• Establish and enforce risk-based prioritization using CVSS, EPSS, CISA KEV status, and asset business criticality
• Integrate VM findings with ServiceNow or equivalent ITSM for structured remediation assignment and tracking
• Partner with IT, DevSecOps, and cloud infrastructure teams on remediation execution and patch validation
• Conduct and maintain continuous external attack surface discovery across the client’s domain portfolio, IP ranges, cloud assets, and third-party infrastructure
• Produce executive-ready reporting that translates technical findings into business risk language for CISO and VP-level audiences

Vulnerability Management Consultant - Mandatory Skills:
• 5+ years of hands-on vulnerability management experience in enterprise environments (2,000+ managed assets)
• Deep proficiency in at least one enterprise VM platform: Tenable.sc / Tenable.io, Qualys VMDR, or Rapid7 InsightVM
• Demonstrated ASM experience — external discovery, shadow IT identification, and exposure prioritization
• Strong command of vulnerability prioritization: CVSS v3/v4, EPSS, CISA KEV, and threat-context scoring
• Cloud security scanning experience across AWS, Azure, or GCP
• Experience integrating VM workflows with ServiceNow, Jira, or equivalent ITSM platforms
• Ability to produce executive-quality posture reports and present findings to CISO-level stakeholders

Vulnerability Management Consultant – Nice-to-Have Skills:
• Relevant certifications: GPEN, GEVA, CISM, CISSP, Tenable Certified, or Qualys Certified Specialist
• Experience with product security or OT/IoT vulnerability management in a hardware-adjacent environment
• Familiarity with ASM platforms: Censys ASM, Cortex Xpanse, Runzero, or Axonius
• Scripting capability in Python or Bash for scan automation, API integrations, and report generation
• Consulting or MSSP background

Vulnerability Management Consultant – Assignment Length:
This is a 6 month contract position.

Vulnerability Management Consultant - Start Date:
ASAP.

Vulnerability Management Consultant - Assignment Location:
Remote position located in Toronto, Ontario, Canada.
 

This employer uses both human and technology-assisted tools to support candidate screening and assessment. Final hiring decisions are made by people.