Manager for Total Vulnerability Management (TVM)

About The Position

Requirements

• Minimum of 5–8 years of professional security experience, with at least 3 years focused on vulnerability management.
• Hands-on experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, Wiz, Prisma Cloud).
• Strong understanding of cloud environments (AWS, Azure, GCP) and SaaS-specific security concerns.
• Experience managing vulnerabilities across containers and serverless architectures.
• Familiarity with application security testing (SAST, DAST, penetration testing coordination).
• Proficiency with threat intelligence sources and mapping vulnerabilities to real-world risk.
• Knowledge of patch management processes and integration with IT/DevOps workflows (CI/CD).
• Understanding of network security fundamentals, including firewalls, IDS/IPS, and endpoint security.
• Proven ability to work with cross-functional teams (engineering, DevOps, compliance, product) to drive remediation.
• Familiarity with regulatory and compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR).
• Strong background in risk assessment and prioritization, translating technical findings into business impact.
• Experience in developing and reporting metrics and KPIs for vulnerability management.
• Familiarity with automation and scripting (Python, PowerShell, Bash) to streamline vulnerability workflows.
• Knowledge of NIST, MITRE ATT&CK, CVSS scoring, and industry standards for vulnerability classification.
• Demonstrated ability to manage a team of security professionals.
• Excellent communication and presentation skills for executive-level reporting.

Nice To Haves

• CISSP, CISM, CISA, OSCP, or GIAC certifications (e.g., GSEC, GCIH, GMON) demonstrating advanced security expertise.
• Background in DevSecOps practices and embedding vulnerability management into CI/CD pipelines.
• Experience with infrastructure-as-code (IaC) scanning (Terraform, CloudFormation).
• Familiarity with software composition analysis (SCA) tools for open-source dependency management.
• Knowledge of zero-trust security principles and modern enterprise architecture security.
• Exposure to forensics and reverse engineering for advanced vulnerability analysis.
• Experience working in a SaaS company.
• Strong knowledge of emerging security trends, such as AI-driven threats and supply chain security.

Responsibilities

• Identifying, assessing, prioritizing, and remediating security vulnerabilities.
• Developing and executing a comprehensive vulnerability management strategy.
• Overseeing the full lifecycle of vulnerability and patch management.
• Metric reporting to executive leadership and responding to internal and external audits.
• Partnering closely with infrastructure, application, and delivery teams to ensure timely remediation.
• Driving continuous improvement of processes, tooling, and automation to reduce the organization’s attack surface.

Benefits

• health, dental, and vision insurance coverage
• employee wellness
• life and disability insurance
• a retirement savings plan
• paid holidays
• paid time off