Vulnerability Management Consultant:
On behalf of our consulting client, Procom is searching for a Vulnerability Management Consultant for a 6-month contract role. This is a remote position located in Toronto, Ontario, Canada.
Vulnerability Management Consultant - Job Description:
We are seeking an experienced contractor to enhance the client’s vulnerability management program and external attack surface management (ASM) capabilities. This role involves managing the end-to-end vulnerability lifecycle and expanding external ASM visibility across the client’s global infrastructure.
Vulnerability Management Consultant - Responsibilities:
- Operate and maintain the client’s enterprise vulnerability management (VM) program across on-premise, cloud (AWS, Azure), and hybrid infrastructure
- Configure and optimize scanning coverage, credentialing, and policy in the designated VM platform (Tenable, Qualys, or Rapid7)
- Establish and enforce risk-based prioritization using CVSS, EPSS, CISA KEV status, and asset business criticality
- Integrate VM findings with ServiceNow or equivalent ITSM for structured remediation assignment and tracking
- Partner with IT, DevSecOps, and cloud infrastructure teams on remediation execution and patch validation
- Conduct and maintain continuous external attack surface discovery across the client’s domain portfolio, IP ranges, cloud assets, and third-party infrastructure
- Produce executive-ready reporting that translates technical findings into business risk language for CISO and VP-level audiences
Vulnerability Management Consultant - Mandatory Skills:
- 5+ years of hands-on vulnerability management experience in enterprise environments (2,000+ managed assets)
- Deep proficiency in at least one enterprise VM platform: Tenable.sc / Tenable.io, Qualys VMDR, or Rapid7 InsightVM
- Demonstrated ASM experience — external discovery, shadow IT identification, and exposure prioritization
- Strong command of vulnerability prioritization: CVSS v3/v4, EPSS, CISA KEV, and threat-context scoring
- Cloud security scanning experience across AWS, Azure, or GCP
- Experience integrating VM workflows with ServiceNow, Jira, or equivalent ITSM platforms
- Ability to produce executive-quality posture reports and present findings to CISO-level stakeholders
Vulnerability Management Consultant - Nice-to-Have Skills:
- Relevant certifications: GPEN, GEVA, CISM, CISSP, Tenable Certified, or Qualys Certified Specialist
- Experience with product security or OT/IoT vulnerability management in a hardware-adjacent environment
- Familiarity with ASM platforms: Censys ASM, Cortex Xpanse, runZero, or Axonius
- Scripting capability in Python or Bash for scan automation, API integrations, and report generation
- Consulting or MSSP background
Vulnerability Management Consultant - Assignment Length:
This is a 6-month contract position.
Vulnerability Management Consultant - Start Date:
ASAP.
Vulnerability Management Consultant - Assignment Location:
Remote position located in Toronto, Ontario, Canada.