
Senior Staff Vulnerability & AI Security Engineer
Archer
full-time
Location Type: Hybrid
Location: San Jose • California • United States
Salary
💰 $182,500 - $240,900 per year
About the role
- Architect Enterprise Strategy: Design and own the end-to-end vulnerability management architecture—from discovery and coverage to automated validation and executive reporting.
- Risk-Based Prioritization: Establish a sophisticated prioritization model that integrates asset criticality, threat intelligence, and exploitability to ensure engineering teams focus on the "critical few" over the "noisy many."
- Technical AI Governance: Lead the technical implementation of AI security; design and deploy guardrails for GenAI usage, detect "Shadow AI," and build technical controls to prevent IP leakage into public LLMs.
- Attack Surface Engineering: Partner with Cloud and Infrastructure teams to integrate CNAPP/CSPM findings and build automated workflows that reduce configuration-driven exposure in AWS/Azure.
- Shift-Left Leadership: Drive DevSecOps excellence by embedding SAST/DAST/SCA and secrets scanning into CI/CD pipelines, preventing vulnerabilities from reaching production.
- Metrics & Storytelling: Define and operationalize technical KPIs (MTTR, risk burn-down, coverage) that translate raw technical data into business risk for executive leadership.
- Tactical Response: Lead high-severity vulnerability response efforts, providing technical validation, containment strategies, and verification of remediation.
- Technical Mentorship: Act as a "multiplier" by setting engineering standards, mentoring security analysts, and leading cross-functional remediation initiatives through technical influence rather than just authority.
Requirements
- 8+ years of security engineering experience with a heavy focus on vulnerability management, AppSec, or cloud security.
- Proven track record of leading complex, enterprise-wide security programs and driving technical change across diverse engineering organizations.
- Strong hands-on experience in AWS, GCP, or Azure, specifically regarding identity, secure configuration, and automated telemetry.
- Deep expertise in the modern security stack (SAST/DAST/SCA, scanners, and automated ticketing workflows).
- Practical understanding of how vulnerability evidence supports compliance in regulated environments (NIST SP 800-171, CMMC Level 2, ITAR).
- Exceptional ability to translate a complex CVE into a business risk narrative for non-technical stakeholders.
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
vulnerability management, AppSec, cloud security, SAST, DAST, SCA, automated workflows, technical KPIs, risk burn-down, configuration management
Soft Skills
leadership, mentorship, communication, storytelling, technical influence, collaboration, problem-solving, strategic thinking, tactical response, prioritization
Certifications
NIST SP 800-171, CMMC Level 2, ITAR