Vulnerability Management Engineer
About the role
Job Description
Position: Vulnerability Management Engineer
Type: Full Time
Location: Remote, Canada
Salary Range: $100k CAD per annum
About the Company:
CYBERWELL is the new name behind North America’s most trusted cybersecurity brands – Source44, SeekIntoo, Cycura, SecureSolutionsNow and Proack Security. Now united under one banner and backed by WELL Health Technologies, we’re scaling our impact with a fresh vision, a stronger portfolio, and a renewed commitment to helping organizations build lasting resilience in today’s evolving threat landscape.
In today’s threat landscape, complexity is the constant. At CYBERWELL, we’re built to help organizations not just keep up—but get ahead. CYBERWELL is a cybersecurity company purpose built for scale, change, and the realities of modern enterprise. We deliver integrated solution that span the full cybersecurity lifecycle-from offensive security exposure management to GRC, architecture and engineering, threat intelligence, and 24/7 managed detection and response. We partner with enterprise leaders who are navigating regulatory pressure, evolving risk, and growing infrastructure. Whether it's a healthcare provider safeguarding patient data, a government agency defending critical systems, or a tech or financial firm scaling securely - our team helps unify strategy, reduce complexity, and strengthen cyber resilience. Why it matters: Cybersecurity isn't just a technical issue - it’s a business imperative. From compliance and operational uptime to reputation and trust, we help organizations protect what matters most, stay ahead of threats, and build the foundation for long-term success. We're not just another vendor. We're your cybersecurity partner - relentlessly focused on outcomes, backed by world-class talent, and obsessed with your success.
Position Summary:
We are seeking a highly skilled and motivated Security Engineer with a strong background in vulnerability management, IT service management (ITSM), and organizational change leadership. The ideal candidate will hold a CISSP or equivalent certification, have hands-on experience with Qualys or a comparable vulnerability management platform, and demonstrate the ability to lead technical and cultural change initiatives across complex enterprise environments.
This role will be instrumental in supporting our cybersecurity maturity initiatives, integrating vulnerability management into operational workflows, and enabling sustainable change through collaboration with cross-functional teams.
What you will be doing:
- Operate and tune Qualys or equivalent platforms to continuously assess vulnerabilities across cloud and on-prem environments.
- Interpret scan results, prioritize findings using risk-based methodologies (CVSS, threat intel), and coordinate remediation efforts.
- Integrate vulnerability data into SIEM and ITSM platforms to drive operational awareness.
- Contribute to the tuning and optimization of SIEM platforms (e.g., Sentinel, Splunk).
- Provide security engineering support for Azure-based workloads (e.g., Identity Protection, Conditional Access, Defender for Cloud).
- Support infrastructure teams in hardening configurations, implementing least privilege, and integrating detection/prevention technologies.
- Lead or support the design and rollout of security workflows within ITSM platforms (e.g., ServiceNow, Jira Service Management).
- Partner with IT, SecOps, and business stakeholders to drive cultural adoption of security hygiene and policy adherence.
- Advocate for security enablement over enforcement; build buy-in through education, engagement, and visibility.
You have:
- 5+ years of professional experience in IT, security engineering, or related roles.
- CISSP or equivalent security certification (e.g., CISM, SSCP).
- Proficiency with vulnerability management tools such as Qualys, Tenable, or Rapid7.
- Hands-on experience with ITSM frameworks and tools, and demonstrated leadership in change adoption or process transformation.
- Experience with SIEMs, especially in tuning rules, creating detections, and managing logs.
- Strong understanding of Azure security and identity controls.
- Excellent verbal and written communication skills; capable of bridging technical and non-technical stakeholders.
Nice to have:
- Microsoft certifications such as SC-100, SC-300, SC-401.
- Experience supporting cloud-first or hybrid environments.
- Familiarity with frameworks such as NIST CSF, MITRE ATT&CK, CMMI, or Zero Trust.
- Ability to build automated reporting or dashboards to track posture over time.
The salary offered for this position falls within a specified salary range and will be determined based on a variety of factors, including but not limited to the candidate's experience, qualifications, skills, and the specific needs of the organization.
We believe in fair and equitable compensation, and our goal is to offer a competitive salary that reflects the value and expertise of the selected candidate.
We are committed to supporting a diverse, inclusive, and accessible workplace. We welcome and celebrate the diversity of applicants and team members across ability, race, gender identity, sexual orientation, and perspective. We strive to create an inclusive workplace where differences are celebrated and fuel our success.
About WELL Health Technologies Corp
WELL Health is a healthcare technology company empowering providers across North America with innovative digital tools and services.
WELL Health's Practitioner Enablement Platform offers virtual care and digital patient engagement capabilities, along with Electronic Medical Records (EMR), Revenue Cycle Management, and cybersecurity & data protection services. By reducing manual administration tasks, WELL Health helps physicians and healthcare providers increase time spent with patients and avoid burnout.
WELL's comprehensive end-to-end healthcare system includes diagnostic, specialist, private, executive, allied, and primary care clinic services, all integrated with their Practitioner Enablement Platform.
In Canada, WELL Health operates largest medical clinic network in the country and supports thousands of clinicians. WELL is also a leading provider of multi-national, multi-disciplinary telehealth offerings.
In the US, WELL''s subsidiaries, CRH Medical and Wisp, are leading providers of anesthesia services to gastroenterologists and sexual healthcare prescription services, respectively. Circle Medical, WELL Health's bricks-and-clicks clinic service, operates in multiple states. In total, our US healthcare businesses support thousands of healthcare practitioners.
WELL Health has also recently added Doctorly, a German EMR company, to a growing multi-national portfolio.
WELL is publicly traded on the Toronto Stock Exchange under the symbol "TSX: WELL" and on the OTCQX under the symbol "WHTCF".
For corporate information, visit: www.well.company.
Vulnerability Management Engineer
About the role
Job Description
Position: Vulnerability Management Engineer
Type: Full Time
Location: Remote, Canada
Salary Range: $100k CAD per annum
About the Company:
CYBERWELL is the new name behind North America’s most trusted cybersecurity brands – Source44, SeekIntoo, Cycura, SecureSolutionsNow and Proack Security. Now united under one banner and backed by WELL Health Technologies, we’re scaling our impact with a fresh vision, a stronger portfolio, and a renewed commitment to helping organizations build lasting resilience in today’s evolving threat landscape.
In today’s threat landscape, complexity is the constant. At CYBERWELL, we’re built to help organizations not just keep up—but get ahead. CYBERWELL is a cybersecurity company purpose built for scale, change, and the realities of modern enterprise. We deliver integrated solution that span the full cybersecurity lifecycle-from offensive security exposure management to GRC, architecture and engineering, threat intelligence, and 24/7 managed detection and response. We partner with enterprise leaders who are navigating regulatory pressure, evolving risk, and growing infrastructure. Whether it's a healthcare provider safeguarding patient data, a government agency defending critical systems, or a tech or financial firm scaling securely - our team helps unify strategy, reduce complexity, and strengthen cyber resilience. Why it matters: Cybersecurity isn't just a technical issue - it’s a business imperative. From compliance and operational uptime to reputation and trust, we help organizations protect what matters most, stay ahead of threats, and build the foundation for long-term success. We're not just another vendor. We're your cybersecurity partner - relentlessly focused on outcomes, backed by world-class talent, and obsessed with your success.
Position Summary:
We are seeking a highly skilled and motivated Security Engineer with a strong background in vulnerability management, IT service management (ITSM), and organizational change leadership. The ideal candidate will hold a CISSP or equivalent certification, have hands-on experience with Qualys or a comparable vulnerability management platform, and demonstrate the ability to lead technical and cultural change initiatives across complex enterprise environments.
This role will be instrumental in supporting our cybersecurity maturity initiatives, integrating vulnerability management into operational workflows, and enabling sustainable change through collaboration with cross-functional teams.
What you will be doing:
- Operate and tune Qualys or equivalent platforms to continuously assess vulnerabilities across cloud and on-prem environments.
- Interpret scan results, prioritize findings using risk-based methodologies (CVSS, threat intel), and coordinate remediation efforts.
- Integrate vulnerability data into SIEM and ITSM platforms to drive operational awareness.
- Contribute to the tuning and optimization of SIEM platforms (e.g., Sentinel, Splunk).
- Provide security engineering support for Azure-based workloads (e.g., Identity Protection, Conditional Access, Defender for Cloud).
- Support infrastructure teams in hardening configurations, implementing least privilege, and integrating detection/prevention technologies.
- Lead or support the design and rollout of security workflows within ITSM platforms (e.g., ServiceNow, Jira Service Management).
- Partner with IT, SecOps, and business stakeholders to drive cultural adoption of security hygiene and policy adherence.
- Advocate for security enablement over enforcement; build buy-in through education, engagement, and visibility.
You have:
- 5+ years of professional experience in IT, security engineering, or related roles.
- CISSP or equivalent security certification (e.g., CISM, SSCP).
- Proficiency with vulnerability management tools such as Qualys, Tenable, or Rapid7.
- Hands-on experience with ITSM frameworks and tools, and demonstrated leadership in change adoption or process transformation.
- Experience with SIEMs, especially in tuning rules, creating detections, and managing logs.
- Strong understanding of Azure security and identity controls.
- Excellent verbal and written communication skills; capable of bridging technical and non-technical stakeholders.
Nice to have:
- Microsoft certifications such as SC-100, SC-300, SC-401.
- Experience supporting cloud-first or hybrid environments.
- Familiarity with frameworks such as NIST CSF, MITRE ATT&CK, CMMI, or Zero Trust.
- Ability to build automated reporting or dashboards to track posture over time.
The salary offered for this position falls within a specified salary range and will be determined based on a variety of factors, including but not limited to the candidate's experience, qualifications, skills, and the specific needs of the organization.
We believe in fair and equitable compensation, and our goal is to offer a competitive salary that reflects the value and expertise of the selected candidate.
We are committed to supporting a diverse, inclusive, and accessible workplace. We welcome and celebrate the diversity of applicants and team members across ability, race, gender identity, sexual orientation, and perspective. We strive to create an inclusive workplace where differences are celebrated and fuel our success.
About WELL Health Technologies Corp
WELL Health is a healthcare technology company empowering providers across North America with innovative digital tools and services.
WELL Health's Practitioner Enablement Platform offers virtual care and digital patient engagement capabilities, along with Electronic Medical Records (EMR), Revenue Cycle Management, and cybersecurity & data protection services. By reducing manual administration tasks, WELL Health helps physicians and healthcare providers increase time spent with patients and avoid burnout.
WELL's comprehensive end-to-end healthcare system includes diagnostic, specialist, private, executive, allied, and primary care clinic services, all integrated with their Practitioner Enablement Platform.
In Canada, WELL Health operates largest medical clinic network in the country and supports thousands of clinicians. WELL is also a leading provider of multi-national, multi-disciplinary telehealth offerings.
In the US, WELL''s subsidiaries, CRH Medical and Wisp, are leading providers of anesthesia services to gastroenterologists and sexual healthcare prescription services, respectively. Circle Medical, WELL Health's bricks-and-clicks clinic service, operates in multiple states. In total, our US healthcare businesses support thousands of healthcare practitioners.
WELL Health has also recently added Doctorly, a German EMR company, to a growing multi-national portfolio.
WELL is publicly traded on the Toronto Stock Exchange under the symbol "TSX: WELL" and on the OTCQX under the symbol "WHTCF".
For corporate information, visit: www.well.company.