Posted Jul 10, 2026

Vulnerability Management - StateRAMP/FedRAMP - Remote

Apply for this Position →
Position Overview: • We are seeking a detail-oriented and proactive technical individual to support vulnerability monitoring and remediation efforts across Solventum Catalyst environments in StateRAMP, FedRAMP, and Commercial accounts. • This role is critical to maintaining our security posture and ensuring compliance with StateRAMP, FedRAMP, SOC-2 and our internal Solventum ATO (Authority To Operate) process. • The contractor will work closely with the Catalyst Site Reliability Engineering team to identify, assess, and remediate vulnerabilities using a variety of tools. • The ideal candidate will have hands-on experience with Linux-based operating systems, AWS services and vulnerability management tools. Position Duties: • Monitor vulnerabilities using JIRA and vulnerability management tools such as, but not limited to, Qualys VDMR/WAS/PC, Insight Cloud Sec, CheckMarx, Nexus IQ • May be necessary to manually run reports to verify remediation efforts were successful • Ensure compute replacement and patching processes working as expected; Monitor and remediate any issues with • Automated Lambda assigning latest AMI Ids Automated Auto-Scaling Group EC2 replacement via scheduled scaling or instance refresh Automated Patch Management for long-running non-ephemeral instances • Review reports for failures; identify and remediate issues Review AWS maintenance window for failure details; resolve/test/commit changes as needed • Manually update AWS EKS AMI assignment and nodegroup replacement; will automate process in the future • Assist with software deployments and upgrades. These may include, but not limited to • Solventum application upgrades • Unmanaged third-party application upgrades Managed AWS service (RDS, MSK, etc) upgrades • Remediate vulnerabilities within SLA (Service Level Agreement) guidelines • Manually remediate vulnerabilities that aren't addressed with automated processes above Delegate Qualys WAS (DAST), CheckMarx (SAST) and Nexus IQ (SCA) vulnerabilities to development teams in timely manner • Gather evidence to document compliance with certification programs like StateRAMP, FedRAMP, SOC-2 and Sovlentum's ATO (Authority To Opearte) Skills: Basic Qualifications: • Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience Technical Experience • Proficiency in AWS services: EC2, EKS, ASG, Lambda, RDS, MSK Linux operating system administration and package management • Security & Compliance Knowledge • Understanding of vulnerability remediation workflows Familiarity with compliance frameworks: StateRAMP, FedRAMP, SOC-2 Ability to interpret and act on vulnerability reports Preferred Qualifications: • Hands-on experience with vulnerability management tools like Qualys VDMR, WAS, PC; CheckMarx; Nexus IQ; Insight Cloud Sec Currently or previously held FedRAMP clearance or the ability to pass background check to work in FedRAMP environment Soft Skills: • Team Collaboration • Strong team player with the ability to work cross-functionally with DevOps, Security, and Development teams. • Willingness to share knowledge and support others in troubleshooting and remediation efforts. • Communication • Excellent written and verbal communication skills. • Ability to clearly document findings, remediation steps, and compliance evidence. • Problem Solving • Analytical mindset with a proactive approach to identifying and resolving issues. • Comfortable working independently and managing multiple priorities under tight deadlines. Core Hours: 8 hours per day Monday - Friday; Occasionally may be needed to work after business hours to complete upgrades or patches. Education: Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience Apply Now Apply Now