At Jack Henry, we deliver technology solutions that are digitally transforming and empowering community banks and credit unions to provide enhanced and streamlined user experiences to their customers and members. Our best-in-class products are just the start as we lay the groundwork for the future of digital banking and payments. We hope you’ll join us. We can’t do it without you.
We are seeking a highly skilled and experienced Senior Vulnerability Management Engineer to join our Information Security team. This role is responsible for leading enterprise-wide vulnerability management efforts across infrastructure, endpoints, cloud platforms, and applications. The ideal candidate will have deep technical expertise in identifying, assessing, and prioritizing vulnerabilities, as well as partnering cross-functionally to drive timely remediation in alignment with risk posture and compliance goals.
This position can be based to work out of any Jack Henry office or remotely from any US location. Travel up to 5% for meetings and trainings may be required. Salary range for this position is $90-135k, depending on candidate experience and geographic location.

CULTURE OF COMMITMENT

Ask our associates why they love Jack Henry, and many will tell you it is because our culture is exceptional. We do great things together. Rising to meet challenges and seeking opportunities is part of who we are as an organization. Our culture has helped us stay strong through challenging times and we credit our dedicated associates for our success. Visit our Corporate Responsibility site to learn more about our culture and commitment to our people, customers, community, environment, and shareholders.

EQUAL EMPLOYMENT OPPORTUNITY

At Jack Henry, we know we are better together. We value, respect, and protect the uniqueness each of us brings. Innovation flourishes by including all voices and makes our business - and our society - stronger. Jack Henry is an equal opportunity employer and we are committed to providing equal opportunity in all of our employment practices, including selection, hiring, performance management, promotion, transfer, compensation, benefits, education, training, social, and recreational activities to all persons regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, genetic information, pregnancy, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, and military and veteran status, or any other protected status protected by local, state or federal law.
No one will be subject to, and Jack Henry prohibits, any form of discipline, reprisal, intimidation, or retaliation for good faith reports or complaints of discrimination of any kind, pursuing any discrimination claim, or cooperating in related investigations.
Requests for full corporate job descriptions may be requested through the interview process at any time

• Contribute to maturing the enterprise vulnerability management program, ensuring complete visibility across systems, networks, containers, and applications.
• Perform in-depth analysis of vulnerability data to assess risk and prioritize remediation efforts based on asset criticality, threat intelligence, and exploitability.
• Collaborate with system administrators, application owners, developers, and DevOps teams to validate findings, coordinate remediation timelines, and track remediation progress.
• Manage and optimize scanning infrastructure and tools (e.g., Tenable, Qualys, Rapid7, etc.).
• Integrate vulnerability data with other systems for automation, alerting, and reporting.
• Design and develop dashboards, reports, and KPIs for executive and operational visibility into vulnerability trends, compliance, and SLAs.
• Continuously evaluate new tools, techniques, and best practices to improve detection, efficiency, and accuracy.
• Provide guidance and mentorship to junior staff and lead projects aimed at improving posture, reducing attack surface, or enhancing program maturity.
• Contribute to threat modeling, risk assessments, and compliance activities (e.g., PCI, SOX, HIPAA, FedRAMP).
• Performs other duties as assigned.