Iron Mountain Vulnerability & Patch Management Engineer in Boston, Massachusetts


Iron Mountain is the world leader in information management services, assisting more than 140,000 organizations in 53 countries on five continents with storing, protecting, and managing their information.

Publicly traded under NYSE symbol IRM, Iron Mountain is an S&P 500 company and a member of the Fortune 1000 (currently ranked: 681). Organizations in every major industry and of all sizes — including more than 95% of the Fortune 1000 — rely on Iron Mountain as their information management partner.

On their behalf, Iron Mountain currently safeguards and provides access to more than 425 million cubic feet of paper records, 10 billion emails, 65 million computer backup tapes, 2.5 million PCs, and 20,000 servers, and the list is growing exponentially. They safely store some of the world’s most valuable historical artifacts, cultural treasures, business documents, and medical records. To properly protect and render this information, Iron Mountain employs 21,000 professionals and boasts an unrivaled infrastructure that includes more than 1,000 facilities, 10 data centers, and 3,500 vehicles.

Iron Mountain’s experience, knowledge, and reputation for security have been combined to position them as the world’s leading provider of:

  • Records management

  • Data protection and recovery

  • Information destruction

Over the last several years, Iron Mountain has been aggressively investing in its digital offerings, transforming itself from a storage company into a globally integrated information management services business. As a result, the Information Technology infrastructure and application support needs have become critically important to the company’s long-term success.


In this role, the Vulnerability & Patch Management Engineer will lead high-priority projects and day-to-day activities related to our Vulnerability & Patch Management Program. The Vulnerability Management Engineer is expected to deliver results while maintaining positive relationships with other IT infrastructure teams and project sponsors.

The Vulnerability & Patch Management Engineer will work in a team-based environment performing technical duties supporting Vulnerability & Patch Management and be responsible for executing patches and configuration updates through the production promote life cycle. The Vulnerability & Patch Management Engineer acts as a threat and vulnerability resource assisting with daily operations, specifically the remediation of identified vulnerabilities, ensuring compliance and security goals are met. This role works with IT Security Administration, business teams and infrastructure teams to track and remediate open vulnerabilities on identified systems within negotiated service levels and assure testing in the development and test environments prior to promotion to production.

For this position, we are seeking a candidate who can administer and maintain centralized patch and vulnerability management solutions to ensure endpoints are compliant with Security guidelines. Performs endpoint management to provide patching and task automation of servers and desktops to maintain a secure and compliant environment. Maintains a secure, patched, upgraded, and compliant Windows and Linux environment. Troubleshoots and resolves advanced and complex technical problems to ensure minimal disruption to client mission-critical environment. Prepares technical designs and documentation (i.e., knowledgebase articles) for use by support teams.

Job Specific Responsibilities

  • Manage monthly automated scans and analysis of enterprise-class information systems, to include discovery scans, compliance scans, and vulnerability scans

  • Managing projects to improve the Vulnerability & Patch Management Program

  • Reporting on compliance to vulnerability remediation policy

  • Subject Matter Expert for our vulnerability scanner & tools

  • Vulnerability research, review, and escalation

  • Processing exception and dispute requests

  • Identifying and mitigating detection and reporting gaps

  • Tracking and reporting test results

  • Responding to audit requests


  • 8 years working directly with vulnerability and/or patch management

  • Possesses a strong understanding of vulnerability management concepts such as exposure, severity, criticality, risk, and threat

  • Possesses an understanding of how vulnerabilities are exploited

  • Possesses an understanding of SCAP, CVE, CVSS, CPE, CCE and OVAL

  • Demonstrates a firm grasp of the concepts of risk management and mitigation

  • Possesses detailed understanding of various operating systems and common applications as they relate to vulnerabilities

  • Possesses an understanding of virtual server and cloud environments

  • Possesses a strong understanding of baseline scanning and compliance reporting

  • Possesses an understanding of enterprise technology infrastructure, application development & maintenance, software testing, and IT architecture

  • Possesses experience using a variety of vulnerability scanners and managing remediation efforts

Minimum Skills & Qualifications


  • Outstanding written and verbal communication skills, with a high degree of professionalism and strict attention to detail

  • Must be a seasoned Vulnerability Management Engineer to proactively manage, upgrade, and improve a centrally managed infrastructure and provide customer support.

  • Demonstrated subject matter expertise with vulnerability and patch management, insider threat and incident response.

  • Broad knowledge in risk analysis, threat mitigation, and other security domains.

  • Understanding of various networking ports, protocols and services.

  • Scripting experience (e.g. Perl, Python, Linux shell).

  • Network architectures including VLAN, routing, firewalls, load balancers, etc.

  • Significant experience with Linux and Windows operating systems, knowledge of virtual environments.

  • Develop and report appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.

  • Candidate should have broad technical knowledge on a number of security technologies and a solid understanding of information and networking security.

  • Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.

Iron Mountain is an equal opportunity employer, and does not unlawfully discriminate on the basis of race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, U.S. Military or veteran status or other legally protected classifications in making employment decisions.

Requisition #: 2018-16775

Category: Information Technology

Type: Full-Time