Manager, Global Vulnerability Management

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience; typically 8–10+ years in security engineering, vulnerability management, offensive security, detection engineering, infrastructure security, or related technical roles.
• Experience leading or managing a technical security team with accountability for both people leadership and delivery outcomes.
• Demonstrated ability to assess whether findings are truly exploitable or materially risky and translate that analysis into prioritized remediation plans.
• Strong hands-on background in vulnerability assessment, validation, remediation strategy, and security engineering across enterprise, cloud, and application environments.
• Deep knowledge of vulnerabilities and exposures across cloud, container, CI/CD, and software supply chain environments, including common exploitation patterns, risk considerations, and remediation approaches.
• Hands-on experience with vulnerability scanning platforms, security data integrations, engineering workflows, and the use of Python and SQL to automate and operationalize security data.
• Superb communication and collaboration skills, including the ability to challenge technical assumptions, partner with engineers, and escalate risk clearly when needed.

Nice To Haves

• Prior hands-on experience in vulnerability research, exploit development, penetration testing, red teaming, security architecture, or remediation engineering.
• Experience building or maturing a risk-based vulnerability management or threat exposure management program in a large-scale environment.
• Familiarity with CTEM concepts and practical judgment on how to apply them in an enterprise context.
• Experience using analytics and data platforms to correlate vulnerability data with threat intelligence, exploit availability, asset criticality, and compensating controls to improve prioritization and measure remediation outcomes.
• Success leading geographically distributed teams and working across IT, engineering, and security operations functions.
• Strong multi-functional partnership experience across IT, engineering, and security operations functions.

Responsibilities

• Lead, mentor, and develop a high-performing Global Vulnerability Management team, building technical depth, analytical rigor, and measurable security outcomes. Build team capabilities while setting a high bar for technical depth, analytical rigor, and measurable security outcomes.
• Own and improve the end-to-end vulnerability and exposure management lifecycle across diverse technology stacks, from discovery and validation through remediation and closure verification.
• Drive risk reduction by prioritizing the exposures that matter most using exploitability, asset criticality, threat intelligence, attacker tradecraft, and business context rather than severity scores alone.
• Perform and review technical analysis of vulnerabilities and exposures, including exploit research, validation, root cause analysis, compensating controls, and remediation recommendations.
• Partner with engineering, infrastructure, product security, governance/risk, security operations, incident response, and threat intelligence teams to drive remediation, improve accountability for risk treatment, and align priorities to active threats.
• Support security coverage across cloud, containers, CI/CD pipelines, internet-facing services, and application ecosystems, including areas where tooling is owned by adjacent teams.
• Drive automation and data operationalization across vulnerability ingestion, enrichment, prioritization, workflow orchestration, and reporting using Python, SQL, and platforms such as Domo and Snowflake.
• Deliver clear reporting to leadership on exposure trends, remediation progress, control gaps, and areas requiring escalation.

Benefits

• medical
• dental
• vision
• matching 401(k)
• paid time off
• wellness program
• employee discounts for Sony products
• bonus package