Cybersecurity Engineer III

Make a difference. Be happy. Grow your career.

The Role

​​ The Cybersecurity Engineer III supports the enterprise Cybersecurity program with a primary focus on combined Vulnerability Management and Red Team operations. This role is responsible for identifying, validating, and prioritizing security weaknesses through continuous vulnerability assessment, penetration testing, and adversary emulation activities. The position requires the ability to work independently with moderate supervision, collaborate across technical and business teams, and clearly communicate security risks and remediation guidance.

The Cybersecurity Engineer III provides operational information security support to the enterprise, acting as a technical resource for infrastructure, application, and business teams. This role works closely with Blue Team/SOC, Infrastructure Services, Application Development, Risk Management, and Internal Audit to improve the organization’s security posture through coordinated offensive and defensive security activities.

The position conducts and documents vulnerability assessments, penetration tests, and red team engagements across networks, systems, applications, and cloud environments. Assignments vary in scope and complexity and may include targeted testing, assumed breach scenarios, and validation of security controls.

The Cybersecurity Engineer III identifies security risks, analyzes findings within the context of business impact, and provides actionable remediation recommendations. The role requires consistent documentation of methods, evidence, and conclusions so results can be reproduced and understood by both technical and non-technical stakeholders.

Key Responsibilities

• Execute and support enterprise vulnerability management activities including scanning, validation, risk scoring, prioritization, and remediation tracking.

• Conduct penetration testing and red team activities against networks, endpoints, applications, and cloud services to simulate real-world adversary techniques.

• Collaborate with Blue Team and SOC resources during purple team exercises to improve detection, response, and prevention capabilities.

• Validate the effectiveness of security controls and compensating controls through hands-on testing and adversary emulation.

• Develop and maintain tools, scripts, and techniques to support automated and manual security testing.

• Analyze vulnerabilities and exploitation paths, clearly articulating risk, likelihood, and potential business impact.

• Provide detailed technical reports and executive-level summaries of findings, including clear remediation guidance and risk-based prioritization.

• Support continuous improvement of vulnerability management processes, metrics, and reporting.

• Partner with infrastructure, application, and cloud teams to support secure design, remediation validation, and architecture reviews.

• Stay current on emerging threats, attack techniques, exploitation frameworks, and defensive countermeasures.

• Participate in incident response activities by providing exploitation analysis, attacker tradecraft insights, and root-cause validation as needed.

• Support compliance and risk management efforts by mapping findings to applicable frameworks and standards (e.g., NIST, PCI-DSS, HIPAA, SOC 2).

• Participate in on-call or after-hours activities as required to support testing, remediation validation, or incident response.

Skills and Experience

• 6+ years of relevant experience in cybersecurity, vulnerability management, penetration testing, or red team operations.

• Hands-on experience with vulnerability scanning tools, exploitation frameworks, and manual testing techniques.
• Strong understanding of network, endpoint, application, and cloud security concepts.
• Working knowledge of common attack techniques, tactics, and procedures (TTPs) and defensive controls.
• Experience analyzing and validating vulnerabilities beyond automated scan results.
• Ability to communicate technical security findings clearly to both technical and non-technical audiences.
• Experience producing high-quality technical documentation and assessment reports.
• Familiarity with security frameworks and regulatory requirements such as NIST, PCI-DSS, HIPAA, HITRUST, and SOC 2.
• Strong collaboration skills and the ability to work effectively in a team-oriented environment.

Certifications Preferred not required

• Industry-recognized certifications such as: CEH, OSCP, GPEN, GWAPT, GCIH, CISSP, CISM, CRISC, or equivalent.

• Cloud or platform security certifications (AWS, Azure, GCP) are a plus.

Education and Experience Requirements

• Requires a Bachelor's degree and 8 years of related experience, a Master's degree and 6 years of related experience, or 11 years of related experience and no degree.

Nordic is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, marital or veteran status, or any other protected status under applicable federal, state, or local laws. We encourage individuals of all backgrounds to apply, including women, minorities, individuals with disabilities, and veterans.