Role Overview:
We are seeking a seasoned Vulnerability Management Lead to oversee and evolve our enterprise-wide threat and vulnerability management program. This role sits at the intersection of security operations and strategic program leadership — responsible for driving systematic identification, assessment, prioritization, and remediation of vulnerabilities across a complex global environment spanning on-premises infrastructure, cloud platforms, and hybrid deployments.
The ideal candidate brings both hands-on technical depth and the leadership acumen to engage stakeholders at all levels, from engineering teams executing remediations to executives requiring clear risk summaries. This is a high-impact position for someone passionate about operational excellence and continuous program improvement.
Key Responsibilties:
• Own the end-to-end vulnerability management lifecycle across enterprise environments including Windows and Linux operating systems, network infrastructure, cloud platforms (AWS and Azure), containerized applications, and digital certificate management.
• Execute and oversee ongoing vulnerability scanning, risk prioritization, and structured remediation workflows across cloud and on-premises systems, applying recognized industry frameworks and security best practices.
• Develop and maintain a metrics and reporting framework to measure program maturity, track remediation SLAs, and communicate risk posture to internal and external stakeholders — leveraging automation to reduce manual effort and improve accuracy.
• Serve as the internal subject matter authority on vulnerability risk, providing guidance to both technical and non-technical teams on threat impact, exploitability, and remediation options — including endpoint protection, network-level controls, and cloud-native security mechanisms.
• Build and maintain collaborative working relationships with cross-functional and global teams to ensure vulnerability risks are clearly communicated, tracked, and resolved in alignment with organizational risk appetite.
• Lead root cause analyses following security events or remediation gaps, and produce clear executive-level reports summarizing findings, risk exposure, and recommended courses of action.
• Support day-to-day program operations including documentation upkeep, policy and procedure development, and participation in incident response activities as required.
• Continuously assess and improve program tooling, processes, and detection capabilities to stay ahead of the evolving vulnerability landscape and organizational scale.
• Plan and coordinate security testing and validation exercises — including scan coverage reviews, finding validation, and remediation verification — across applications, infrastructure, and data environments.
• Prepare and deliver SLA-aligned, volume-based, and risk-tiered reporting for internal leadership and external stakeholders as required.
Qualifications:
• Bachelor's degree in a relevant field with 5+ years of progressive experience in information security, with a focus on vulnerability management or security operations.
• Demonstrated hands-on proficiency with enterprise vulnerability scanning platforms such as Rapid7, Qualys, Tenable, or Armis; familiarity with SIEM tooling, ticketing/workflow systems (e.g., ServiceNow Vulnerability Response), and hybrid cloud security environments (AWS, Azure).
• Proven track record leading vulnerability management functions — including full-cycle scanning operations, risk communication, and remediation tracking across diverse technology environments.
• Working knowledge of data visualization and reporting platforms such as Wiz, Snowflake, or Power BI, with strong proficiency in Excel and PowerPoint for stakeholder reporting and analysis.
• Scripting experience in Python or PowerShell is an asset, particularly for automation of vulnerability workflows and process optimization.
• Familiarity with security and compliance frameworks such as NIST CSF or ISO 27001 is beneficial.
• Strong organizational skills with the ability to manage competing priorities independently while contributing effectively within collaborative team settings.
• Exceptional communication skills — able to translate complex, technical vulnerability findings into business-relevant language for executive and non-technical audiences.
