Principal Vulnerability Management Engineer Location: Providence, RI, US, 02903SD Statewide, SD, USMT Statewide, MT, USNE Statewide, NE, USFL Statewide, FL, USMA Statewide, MA, USOK Statewide, OK, USAL Statewide, AL, USTN Statewide, TN, USNH Statewide, NH, USWA Statewide, WA, USPA Statewide, PA, USDE Statewide, DE, USWV Statewide, WV, USIL Statewide, IL, USDC Statewide, DC, USWY Statewide, WY, USGA Statewide, GA, USLA Statewide, LA, USME Statewide, ME, USOR Statewide, OR, USIA Statewide, IA, USCT Statewide, CT, USKY Statewide, KY, USNC Statewide, NC, USVA Statewide, VA, USNY Statewide, NY, USMN Statewide, MN, USRI Statewide, RI, USMI Statewide, MI, USUT Statewide, UT, USWI Statewide, WI, USIN Statewide, IN, USNM Statewide, NM, USKS Statewide, KS, USTX Statewide, TX, USCA Statewide, CA, USSD Statewide, SD, USNV Statewide, NV, USMS Statewide, MS, USMO Statewide, MO, USStatewide, SC, USOH Statewide, OH, USND Statewide, ND, USID Statewide, ID, USNJ Statewide, NJ, USMD Statewide, MD, USAZ Statewide, AZ, USCO Statewide, CO, US Requisition ID: 17211 Brightstar is an innovative, forward-thinking global leader in lottery that builds on our renowned expertise in delivering secure technology and producing reliable, comprehensive solutions for our customers. As a premier pure play global lottery company, our best-in-class lottery operations, retail and digital solutions, and award-winning lottery games enable our customers to achieve their goals, fulfill player needs and distribute meaningful benefits to communities. Brightstar has a well-established local presence and is a trusted partner to governments and regulators around the world, creating value by adhering to the highest standards of service, integrity, and responsibility. Brightstar has approximately 6,000 employees. For more information, please visit www.brightstarlottery.com . **Responsibilities** We are seeking a highly experienced Senior Vulnerability Management Engineer to lead the modernization and ongoing execution of our enterprise-wide vulnerability management program. This role requires both strategic leadership and deep technical expertise in vulnerability discovery, prioritization, and remediation across on-premises and cloud environments. You will work cross-functionally with security engineers, IT, DevOps, and compliance teams to strengthen our risk posture. Key Responsibilities: + Lead the end-to-end revamp of the enterprise continuous vulnerability management program, with a focus on automation, prioritization, and measurable risk reduction. + Own the lifecycle of vulnerabilities—from discovery and validation to tracking and remediation—across endpoints, servers, containers, and cloud infrastructure. + Deploy, manage, and optimize tools such as Tenable, CrowdStrike Exposure Management, SentinelOne Singularity Vulnerability Management, and Wiz for continuous asset and vulnerability visibility. + Collaborate with infrastructure, cloud, and application security engineers to define scanning scopes, improve detection accuracy, and ensure secure configurations across environments. + Deliver actionable reporting and metrics to senior leadership on vulnerability risk trends, SLA compliance, and remediation progress. + Participate in security incident response as needed, especially in cases involving exploitation of known vulnerabilities. + Continuously assess and improve threat prioritization strategies based on exploitability, asset criticality, and business risk. + Serve as a subject matter expert on vulnerability management best practices, secure system baselining, and regulatory alignment. + Mentor junior engineers and support a culture of continuous learning and collaboration across the security team. **Qualifications** + 5–8+ years of experience in vulnerability management, security engineering, or a related technical security field. + Proven track record of leading or rebuilding enterprise-wide vulnerability management programs, with measurable improvements in coverage and risk reduction. + Hands-on experience with modern VM tools: Tenable.sc/IO, CrowdStrike Falcon Exposure Management, SentinelOne Singularity VM, and Wiz for cloud-native environments. + Deep understanding of vulnerability lifecycles, CVSS, exploitability frameworks, and prioritization strategies. + Strong collaboration skills, with the ability to work cross-functionally with IT, DevOps, Compliance, and Security Architecture teams. + Excellent communication skills, capable of translating technical findings into business risk and remediation plans for diverse audiences. **Keys to Success** • Building collaborative relationships • Decision making • Drive results • Foster innovation • Personal energy • Self-leadership \#LI-KM1 #LI-USREMOTE At Brightstar, we consider a wide range of factors in determining compensation, including background, skills, experience, and work location. These factors can cause your compensation to vary. The estimated starting compensation range is $74,961-164,800. The actual pay offered may end up being higher or lower. The Company will comply with all local pay requirements and collective bargaining agreements, where applicable. Base pay is only one part of our Total Rewards program. Sales roles may be eligible for commission payments, while other roles are eligible for discretionary bonuses. In addition, we offer employees a 401(k) Savings Plan with Company contributions, health, dental, and vision insurance, life, accident, and disability insurance, tuition reimbursement, paid time off, wellness programs, and identity theft insurance. Note: programs are subject to eligibility requirements. All Brightstar employees have a role in information security. Annual training will be assigned and required as appropriate. IGT is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. IGT is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted.