Vulnerability Management Specialist (Sandy Springs)

Vulnerability Management Lead (OT + Enterprise)
Location: Vinings Area
Why this role
TRC’s client is a leading heavy equipment and power solutions provider, supporting construction, industrial, and critical infrastructure environments across the Southeast.
This is a high-impact opportunity to build and own the vulnerability management program across enterprise IT, cloud, and operational technology (OT) environments. You’ll partner directly with leadership to define strategy, implement tooling, and drive measurable risk reduction in an environment where uptime and safety are critical.

What you’ll do

• Build and lead the enterprise vulnerability management program across IT, cloud, and OT environments
• Establish risk-based prioritization frameworks (CVSS, asset criticality, threat intelligence)
• Partner with infrastructure, cloud, application, and OT teams to drive remediation and patching strategies
• Define and manage remediation SLAs, risk exceptions, and compensating controls
• Implement and optimize vulnerability scanning and asset discovery tools, including OT-aware platforms
• Develop dashboards and reporting for leadership visibility (risk trends, exposure reduction, KPIs)
• Validate findings to reduce false positives and improve signal-to-noise
• Continuously improve the vulnerability lifecycle (scan → prioritize → remediate → report)
• Act as the program owner and subject-matter expert, influencing security strategy and best practices

• 3–10+ years of cybersecurity experience, with a focus on vulnerability management or security operations
• Strong understanding of enterprise infrastructure, networks, and cloud environments
• Ability to translate technical findings into clear business and operational risk
• Experience working in complex or constrained environments where patching is not always straightforward

• Exposure to OT / ICS / industrial environments (manufacturing, energy, utilities, logistics, etc.)
• Experience with tools such as:
  • Tenable / Nessus / Qualys / Rapid7
  • OT platforms like Nozomi, Claroty, Dragos, or similar
• Understanding of SCADA, PLCs, and process control systems
• Familiarity with frameworks such as NIST CSF or CIS Controls
• Relevant certifications (CISSP, CISM, GIAC, etc.)