Deckers Brands

Lead Security Engineer – Vulnerability Management

full-time

Location Type: Remote

Location: Arizona, California, United States

Salary

💰 $145,000 - $155,000 per year

About the role

  • Architect and lead the end-to-end vulnerability management lifecycle, ensuring alignment with global security frameworks such as NIST, ISO 27001/2, and CIS Top 20
  • Lead high-level risk discussions with business and technical stakeholders to transform raw vulnerability data into prioritized, actionable remediation roadmaps
  • Serve as a trusted security advisor to infrastructure and application teams, fostering a culture of shared accountability for security debt and remediation
  • Design and maintain a comprehensive security metrics program using BI tools (e.g., Tableau) to communicate program effectiveness and residual risk to executive leadership
  • Drive the strategic selection, integration, and optimization of advanced security technologies to ensure a future-ready defense against emerging threats
  • Spearhead the use of Python, PowerShell, and API integrations (with tools like CrowdStrike) to automate repetitive workflows and improve the Mean Time to Remediate (MTTR)
  • Own the development and continuous improvement of cybersecurity policies and standards, ensuring they reflect current global threat intelligence and regulatory requirements
  • Perform complex, risk-based assessments of both on-premises and cloud-native services to ensure consistent security controls across a hybrid environment
  • Build and present compelling technical and business cases for security investments, securing buy-in for initiatives that mitigate critical enterprise vulnerabilities

Requirements

  • BA/BS degree, or equivalent experience
  • Security professional certification, such as Global Information Assurance Certifications, Certified Information Systems Security Professional (CISSP), Certified Vulnerability Assessor (CVA), GIAC Enterprise Vulnerability Assessor (GEVA), or other similar credentials, is desired
  • Demonstrated success in architecting, implementing, and scaling enterprise-grade vulnerability management programs from the ground up
  • 7+ years of extensive experience in security vulnerability management, including sophisticated scanning methodologies, risk-based assessment, and complex remediation orchestration
  • Advanced hands-on experience with industry-leading vulnerability management platforms and their integration into the broader security stack
  • Deep understanding of mapping vulnerability remediation to regulatory frameworks and standards such as PCI-DSS, HIPAA, SOC2, and GDPR
  • Proven ability to author and enforce enterprise security policies, standards, and SLAs that drive measurable risk reduction
  • Expert-level skill in developing and presenting high-fidelity security metrics and KPIs to influence executive-level decision-making
  • Advanced knowledge of current and emerging threat vectors, exploit techniques, and the ability to pivot strategies based on the evolving global landscape
  • Strong background in aligning vulnerability data with Incident Response (IR) and Threat Hunting workflows to accelerate containment and recovery
  • Experience serving as a technical lead on large-scale infrastructure and cloud security initiatives, ensuring "secure-by-default" configurations
  • Proficiency with vulnerability management tools (e.g., Tenable, CrowdStrike) and scripting/automation languages (e.g., PowerShell, Python)
  • In-depth understanding of security frameworks and standards (NIST, ISO 27001/2, CIS Top 20 Controls)
  • Strong knowledge of compliance standards and regulatory requirements (e.g., PCI-DSS)
  • Ability to analyze complex vulnerability data to identify patterns, trends, and actionable insights
  • Risk-based assessment capabilities to prioritize and address critical vulnerabilities effectively
  • Strong verbal and written communication skills for reporting and stakeholder engagement
  • Proven ability to collaborate with cross-functional teams, serving as a trusted advisor
  • Ability to identify gaps in security measures and propose effective solutions
  • Strategic mindset for building business cases and influencing security tool adoption
  • Self-driven with the ability to manage and update cybersecurity policies and standards independently
  • Strategic thinking to contribute to the advancement of the cybersecurity program

Benefits

  • Competitive Pay and Bonuses
  • Financial Planning and wellbeing
  • Time away from work
  • Extras, discounts and perks
  • Growth and Development
  • Health and Wellness

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

vulnerability management, risk-based assessment, remediation orchestration, security metrics, threat vectors, exploit techniques, data analysis, incident response, threat hunting, cybersecurity policy development

Soft Skills

communication skills, collaboration, strategic thinking, stakeholder engagement, trusted advisor, self-driven, problem-solving, influencing, presentation skills, accountability

Certifications

CISSP, CVA, GEVA, Global Information Assurance Certifications