Q) Is it necessary to have website maintenance, vulnerability scanning, remediation
monthly, including vulnerability assessment that fixes the issues that have been raised making changes to the site when required. I mean are these security issues not taken care by WP Engine hosting itself?
A) WP Engine would handle some aspects of the security of your site but the content of your site is controlled on your end. This includes plugins and when you update plugins, WordPress versions etc.
There are different security headers that can be added as well, that need to be requested or provided by your development team as these can impact the site.
WP Engine manages the hardware and keeps the infrastructure secure and they do run periodic security scans. If a site becomes infected with malware, they can also run scans and get infection removed.