Unified Vulnerability Management (UVM) Specialist

Duties and Responsibilities

• Aggregate and normalize vulnerability data from diverse sources into a unified vulnerability platform (UVM).

• Experience with integrating self-hosted and SaaS-based applications via APIs. Expertise utilizing native API integrations and developing custom integrations (via code or scripts).

• Collaborate with product owners (Vulnerability Management, DevSecOps, Cloud Security, etc.) to ensure the collection, quality, normalization, and enrichment of vulnerability data.

• Apply standardized vulnerability severity scoring and customize it to reflect business context and risk appetite.

• Develop and maintain centralized dashboards to visualize risk posture across applications and environments. To include custom dashboards for different stakeholder types (executives, business owners, and resource owners).

• Collaborate with Technical Security Advisors and BISOs to maintain and improve risk reporting (visualizations, dashboards, reports, notifications, etc.).

• Improve exception workflows through UVM integrations with workload mgmt./ticketing systems.

• Build and maintain RBAC to the UVM platform (dashboards, reports, etc.).

• Define and enforce remediation SLAs and shift-left prevention policies.

• Support operational workflows for risk acceptance, false positives, and severity overrides.

• Participate in recurring vulnerability oversight meetings and provide actionable insights.

• Contribute to the development of vulnerability lifecycle processes and automation strategies.

• Maintain comprehensive documentation of technology, projects, processes, etc.

• Stay up to date on security practices and standards; participate in educational opportunities; read professional publications.

• Participate in special projects and other duties as assigned.

• Undergraduate degree in IT or cybersecurity is preferred.

• 3-5 years of experience in vulnerability management.

• Hands-on experience with unified vulnerability management (UVM) solutions (e.g., ArmorCode, Wiz).

• Strong understanding of OWASP Top 10, CVE, CVSS, NVD, and other vulnerability standards.

• Experience with programming and scripting languages (e.g., Python, PowerShell) is preferred.

• Familiarity with data engineering solutions (e.g., Athena, Tableau), workload management solutions (e.g., Jira, ServiceNow), version control and pipeline solutions (e.g., Bamboo, GitHub), and IaC solutions (e.g., Terraform, Ansible).

• Knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.).

• Professional certifications such as CISSP, CCSP, or Security+ a plus.