Manager - Vulnerability Management

The Manager for Vulnerability Management is responsible for developing and leading a high-performing team focused on vulnerability management, including vulnerability discovery, risk-based prioritization, and enterprise remediation coordination. This role oversees the design, delivery, and continuous improvement of services that reduce technology risk through scalable vulnerability identification and tracking processes, finding ownership, and stakeholder collaboration. The successful candidate will build strong relationships with key enterprise partners – including architecture, engineering, infrastructure, and application teams – to ensure vulnerabilities are understood, prioritized appropriately, and addressed in alignment with business risk tolerance. Through technical expertise and operational leadership, the manager will advance the maturity of the organization's vulnerability management program and its integration with broader cyber risk functions. The ideal candidate will balance strong technical fluency with people leadership, operational execution, and the ability to inspire a high-performing team in a dynamic cybersecurity landscape.

• Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments.
• Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities.
• Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs.
• Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy.
• Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives.
• Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations.
• Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement.
• Supports the organization's processes/methodologies, structure, culture, skills/experience, process support tools, knowledge resources, and other components.
• Contributes to team culture by modeling integrity, inclusivity, accountability, and collaboration.
• This list is not all-inclusive and you are expected to perform other duties as requested or assigned.

• 8+ years of experience with a Bachelor's degree; at least 1+ years of supervisory/management experience.
• Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred.
• Proven experience managing enterprise-scale vulnerability management programs and tools.
• Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (e.g., CVSS, CISA KEV, EPSS), security benchmarks (e.g., CIS, NIST), and risk quantification techniques.
• Proficiency in selecting, implementing, and managing vulnerability scanning tools (e.g., SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack.
• Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability.
• Skilled in analyzing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals.
• Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture.
• Strong ability to build trust, partnerships, and mutual support across diverse teams.
• Excellent communication and presentation skills, with the ability to convey technical concepts to unique audiences and a strong emphasis on listening and understanding stakeholder needs.
• Proven record of complex and creative problem-solving, and the desire to build, influence, and improve programs, systems, and processes.
• Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change.
• Ability to understand how individual and team efforts align with broader organizational objectives, and to make decisions with enterprise-wide impact in mind.
• Strong commitment to craftsmanship, with a focus on quality, accuracy, and clarity of work.
• Commitment to continuous learning with the ability to research and enhance technical and domain-specific knowledge to support rapidly changing environments.
• Skilled in coordinating multiple concurrent projects with a clear understanding of the project lifecycle, prioritization frameworks, and delivery expectations.

• Competitive base and incentive pay
• 401(k) with robust matching and non-matching contributions
• Rich medical & pharmacy benefits
• 100% employer-paid dental and vision benefits
• Holistic wellbeing program with deep financial incentives
• Generous paid time off plus 12 paid holidays and your birthday off
• Culture of growth and learning: career development; tuition reimbursement; recognition program
• Family support: adoption assistance, fertility treatment, child, elder & pet care assistance
• Social responsibility and volunteer opportunities
• Employee discount program