Security Solutions Principal - Threat and Vulnerability Management (TVM)

About The Position

Requirements

• 10+ years in cybersecurity with focus on threat and vulnerability management
• 7-10+ years in cybersecurity consulting/advisory
• Proven experience operationalizing enterprise-scale vulnerability and remediation programs
• Experience coordinating remediation across infrastructure, network, cloud, and application teams
• Strong understanding of attacker TTPs and threat-informed defense
• Experience with vulnerability scanning, prioritization, and remediation workflows
• Familiarity with CTEM and exposure management practices
• Experience presenting to executive and board-level stakeholders
• Consulting or advisory experience with demonstrated delivery impact

Nice To Haves

• Experience in financial services, healthcare, or regulated industries
• Knowledge of cloud and container security exposure management
• Familiarity with attack surface management
• Certifications such as CISSP, CISM, GIAC
• Experience with major VM platforms (Tenable, Qualys, Rapid7, Microsoft, etc.)
• Experience designing automation/orchestration for remediation workflows
• Experience building executive dashboards and reporting frameworks

Responsibilities

• Advise and oversee client projects on Threat & Vulnerability Management strategy, operating models, and multi-year maturity roadmaps
• Translate business and data risks into threat and vulnerability management priorities
• Align programs to frameworks (e.g., NIST, ISO, MITRE ATT&CK-informed approaches)
• Define governance models, roles, and RACI structures for exposure management that fit the client’s culture
• Drive operationalization of CTEM strategies into repeatable, scalable enterprise processes
• Establish enterprise-wide remediation governance models across infrastructure, network, cloud, and application domains
• Lead development and enablement of risk-based vulnerability management programs for clients at enterprise scale
• Design prioritization models incorporating threat intelligence, exploitability, and asset criticality
• Guide remediation and patch management strategies across: Infrastructure and operating systems, Network devices and appliances, Cloud platforms and services, Compute workloads (VMs, containers, serverless), Enterprise and custom applications
• Advise on vulnerability SLAs, KPIs, and reporting structures tied to measurable outcomes
• Improve remediation effectiveness and efficiency across distributed IT and cloud environments through process & control improvements and use of tools/technologies
• Design exception management and risk acceptance frameworks with governance and rigor that are within a client’s risk appetite and risk tolerance and that can withstand regulatory scrutiny
• Conduct threat-centric and scenario-based exposure analysis to simulate realistic attack paths
• Use adversary-focused scenarios to identify control gaps and drive targeted remediation
• Translate threat scenarios into prioritized, actionable remediation plans
• Help clients focus on exposures that materially reduce real-world risk
• Support implementation of exposure validation practices (e.g., attack path analysis, adversary emulation concepts)
• Integrate threat intelligence into prioritization and decision-making
• Help clients evolve from scan-centric to exposure-centric and threat-informed models
• Validate whether remediation actions meaningfully reduce attacker opportunities
• Proven consulting/advisory record of supporting clients in different industries in the TVM domain
• Ability to lead conversations with multiple client stakeholders to define and scope opportunities acting as a security solutions architect
• Polished skills for leading and developing service offerings, TVM thought leadership, proposals, and statement of work products
• Ability to develop, maintain and enhance TVM pipeline, forecasts/actuals, utilization and profitability
• Lead workshops, briefings, and roadmap sessions
• Mentor and train consultants and contribute to capability development
• Demonstrate credibility through both strategic insight and real-world execution experience
• Design and deliver executive-level reporting frameworks that communicate: Risk posture and exposure trends, Remediation progress and SLA performance, Business impact and risk reduction metrics, Threat-driven prioritization rationale
• Develop and deliver dashboards and narratives for CISO, CIO, and board-level audiences
• Translate technical findings into business-relevant risk insights, understanding a client’s risk appetite and risk tolerance
• Enable data-driven security investment decisions
• Assess current-state maturity and define target-state operating models
• Develop processes for continuous discovery, prioritization, validation, and mobilization
• Recommend tooling strategies and integration patterns across VM, EDR, CNAPP, ASM, and SIEM ecosystems
• Optimize workflows between security, IT, DevOps, and cloud teams
• Identify automation opportunities to improve scale and consistency

Benefits

• Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
• Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
• Paid Time Off: PTO and Sick Leave (starting at 20 days per year) & Holidays (10 per year), Parental Leave, Military Leave, Bereavement
• Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program