Cyber Testing & Scanning Leader

About The Position

Requirements

• Expert knowledge of vulnerability scanning tools and SIEM/EDR platforms.
• Strong understanding of MITRE ATT&CK and adversary simulation techniques.
• Exceptional communication and stakeholder management.
• Strategic thinker with strong analytical and problem-solving skills.
• Ability to influence senior leadership and drive organizational change.
• 7+ years in vulnerability management, threat operations, or related security roles.
• Previous experience using MITRE ATT&CK and adversary simulation techniques.
• Previous experience with SIEM/EDR platforms.
• Advanced scripting and automation experience (PowerShell, Python).
• Proven ability to lead cross-functional security initiatives and mentor teams.
• Applicants must be authorized to work for any employer in the U.S.
• We are unable to sponsor or take over sponsorship of an employment Visa for this position.

Nice To Haves

• CISSP, CISA, GIAC GCIH, CompTIA CySA+, GEVA, or equivalent.

Responsibilities

• Define and evolve the vulnerability management program roadmap aligned with organizational risk objectives.
• Establish governance for vulnerability lifecycle management, including prioritization frameworks and SLA enforcement.
• Mentor and guide junior analysts, fostering a culture of continuous improvement and knowledge sharing.
• Oversee enterprise-wide vulnerability scanning across network, cloud, and application environments using platforms such as Qualys, Tenable, or Rapid7.
• Ensure comprehensive asset coverage and maintain accurate CMDB integration.
• Lead risk evaluation efforts using CVSS, QDS, and business impact analysis.
• Drive prioritization strategies for remediation based on exploitability and threat intelligence.
• Coordinate with IT, DevOps, and application teams to ensure timely patching and mitigation.
• Enforce SLA compliance (e.g., Critical: 7 days, High: 30 days, Medium: 60 days, Low: 180 days).
• Escalate systemic issues and propose long-term remediation strategies.
• Act as SME during incident investigations involving vulnerability exploitation.
• Partner with SOC and Threat Hunting teams to integrate vulnerability intelligence into detection and response workflows.
• Ensure adherence to regulatory frameworks (NYDFS, PCI-DSS, ISO 27001).
• Deliver executive-level dashboards and trend analysis on vulnerability posture and remediation progress.
• Own and optimize vulnerability management platforms.
• Design automation workflows and scripts (PowerShell, Python) for patch orchestration and reporting.
• Lead red team and penetration testing initiatives.
• Champion vulnerability-related awareness programs and tabletop exercises.

Benefits

• At Core Specialty, you will receive a competitive salary and opportunities for professional development and advancement.
• We offer medical, dental, vision, and life insurances; short and long-term disability; a Company-match of 100% of a 6% contribution 401(k) plan; an Employee Assistance Plan; Health Savings Account, Flexible Spending Account, Health Reimbursement Account, and a wellness program