Vulnerability Management Specialist

Vulnerability Management Specialist - Mercer

Location: Flexible - New York, Hoboken, Washington, DC, East Coast

The vulnerability management lead will develop, implement, and execute the vulnerability management program, including vulnerability identification, prioritization and remediation. He or she will be part of the Mercer Information Security team, and will collaborate with other IT teams including operations, infrastructure,and application development. The vulnerability management specialistwill report to the Director of Information Security.

Main responsibilities include:

Facilitate security vulnerability remediation efforts through cross functional team

Assist with the identification, prioritization, and remediation of web applications, software, and OS vulnerabilities

Leverage threat and vulnerability feeds and analyze intelligence to continuously adapt the vulnerability management program to relevant and current threats

Assist with the identification of compensating controls and validation of mitigation strategies to reduce technical and business risk

Enhance and develop coverage metrics and remediation effectivenessand risk reduction KPIs

Create reportsfor management and stakeholders

Assist with other Information Security programs

The person will create and document Secure Infrastructure Solutions and participate in project teams to include designing connectivity and Software Solutions Aligning Security, cost, performance, and customer requirements to reach viable secure solutions

Ensure data integrity in all technical solutions with regards to protecting the company and its customer's intellectual property

Engineer, document, and implement comprehensive Information Security Solutions to include process mapping, technical diagrams and schematics, standard operating procedures, and technical infrastructure documentation

Work with the various our operating companies to provide guidance on Secure Application hosting

Assess applications and the associated data flow for risk to sensitive data, systems, or infrastructure

Collaboratively document security controls and application access requirements associated with hosted applications and systems

Develop/maintain product and technology roadmaps for solutions such as web content filtering, intrusion detection systems, and infrastructure firewalls

Research industry best practices, maintain technical expertise, and apply security and disaster recovery principles to all projects and programs

Influence technical/strategic direction of the Information Security function as it relates to keeping information secure and available for all company constituent

Contribute to and helps shape the future strategic direction of Information technology within the company operating companies

Participate in the computer incident response team as required by providing Tier III support as needed to mitigate security incidents

Be responsible for End-to-End enterprise-wide Tier III troubleshooting of network, desktop, server (hardware & software) and application performance & connectivity across the global enterprise wide area network as it relates to Information Security


  • Bachelors degree required
  • 7+ years in information security, with 3+ years of experience in threat and vulnerability management
  • Experience with vulnerability detection and tracking platforms/solutions
  • Ability to remain current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats
  • Excellent interpersonal skills, andability to leverage cross-functional teams and drive changes in a complex environment
  • Strong oral and written communication skills
  • Experience with data analysis and visualization tools preferred
  • SANS training/certifications andCISSP preferred
  • Consulting experience a plus
At Mercer, we make a difference in the lives of more than 110 million people every day by advancing their health, wealth, and careers. We're in the business of creating more secure and rewarding futures for our clients and their employees - whether we're designing affordable health plans, assuring income for retirement or aligning workers with workforce needs. Using analysis and insights as catalysts for change, we anticipate and understand the individual impact of business decisions, now and in the future. We see people's current and future needs through a lens of innovation, and our holistic view, specialized expertise, and deep analytical rigor underpin each and every idea and solution we offer. For more than 70 years, we've turned our insights into actions, enabling people around the globe to live, work, and retire well. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. At Mercer, we say we Make Tomorrow, Today. Visit for more information and follow us on LinkedIn and Twitter @Mercer.

Mercer LLC and its separately incorporated operating entities around the world are part of Marsh & McLennan Companies, a publicly held company (ticker symbol: MMC).

Back to top