
Manager, Cloud & Infrastructure Vulnerability - USDS

Today Washington, DC

Responsibilities

About the Team
The Validation and Verification (VnV) organization ensures the security and reliability of our products by validating that security controls are implemented correctly, operating effectively, and delivering measurable risk reduction across the enterprise.

VnV operates across a continuous security lifecycle: Prevent → Assure → Test → Fix → Prove, ensuring that security posture is not only designed and tested, but continuously validated in real-world conditions.

About the Role
We are looking for a Vulnerability Management expert to lead the identification, prioritization, and remediation of security flaws across our specialized cloud environments and corporate office infrastructure. This role is at the heart of our defense strategy: you aren't just running scans; you are architecting a risk-based program that secures the very foundation of USDS.

You will lead a team of security practitioners to manage the full vulnerability lifecycle, from agent deployment in OCI to securing the physical and digital footprint of our office environments. By leveraging industry-leading tools like Wiz for cloud-native visibility and Qualys for deep asset assessment, you will ensure that our attack surface is minimized and our compliance with ISO 27001 and other standards is absolute.

Responsibilities
- Program Leadership: Build and scale the Vulnerability Management (VM) function for USDS, covering both Cloud and Office/Corporate Infrastructure.
- Cloud-Native Security: Utilize tools like Wiz to perform agentless scanning, analyze the "Security Graph" for toxic combinations, and identify misconfigurations within our Oracle Cloud (and other cloud) tenancies.
- Infrastructure Scanning: Manage the deployment and tuning of Qualys (Vulnerability Management, Detection and Response - VMDR) for corporate endpoints, servers, and office network appliances.
- Risk-Based Prioritization: Move beyond "critical/high" labels by correlating vulnerability data with threat intelligence and business context to drive the most impactful remediation efforts first.
- Cross-Functional Orchestration: Partner with SRE, IT, and Engineering teams to establish patching SLAs, automate remediation workflows, and provide technical guidance on complex "won't-fix" or exception scenarios.
- Office Infrastructure Security: Oversee the security posture of office networks, including firewalls, Wi-Fi controllers, and IoT devices, ensuring corporate environments meet USDS-specific hardening standards.
- Reporting & Governance: Define and report on key risk metrics (MTTR, scan coverage, patch compliance) for executive leadership and external auditors.
- Tooling Optimization: Act as the primary administrator for the Vulnerability Management toolset, ensuring 100% asset visibility and integrating findings into Jira and GRC platforms.

Qualifications

Minimum Qualifications
- Experience: 5+ years in Cybersecurity, with at least 3+ years leading a Vulnerability Management or Security Operations team.

- Cloud Expertise: Hands-on experience securing Oracle Cloud Infrastructure (OCI); familiarity with OCI VCNs, IAM, and Compute security. (Experience with AWS/Azure/GCP is also acceptable).
- Tooling Mastery: Advanced proficiency with Wiz (Cloud Security Posture Management) and Qualys (VMDR/Policy Compliance).
- Framework Knowledge: Strong understanding of NIST 800-53, ISO 27001, and CIS Benchmarks as they apply to vulnerability and configuration management.
- Technical Skills: Ability to write scripts (Python, Bash, or PowerShell) to automate data export/normalization or interact with security tool APIs.

Preferred Qualifications
- Certifications: OCI Architect/Security Associate, Qualys Certified Specialist, or Wiz specialized training. Industry standards like CISSP, CCSP, or CISM.
- Infrastructure as Code (IaC): Experience reviewing Terraform or Ansible for security misconfigurations before deployment.
- Automation: Experience integrating vulnerability data into ITSM tools (ServiceNow, Jira) for automated ticket routing and tracking.
- Communication: Proven ability to explain the "so what?" of a vulnerability to non-technical stakeholders and business owners.

Client-provided location(s): Washington, DC
Job ID: TikTok-7618388680194836741
Employment Type: OTHER
Posted: 2026-03-20T20:31:37

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • HSA
    • Life Insurance
    • Fitness Subsidies
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Snacks
    • Pet-friendly Office
    • Happy Hours
    • Some Meals Provided
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Mentor Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)
