Senior Vulnerability Manager

About The Position

Requirements

• 7+ years of experience in vulnerability management, security engineering, or cyber risk management
• Proven success managing enterprise-scale vulnerability programs across SaaS and public-sector environments
• Deep expertise in vulnerability scanning, CVE/CVSS scoring, exploit analysis, and risk prioritization
• Strong understanding of cloud environments (AWS, GCP, Azure) and modern application stacks
• Demonstrated ability to communicate technical risk clearly to both executive and non-technical stakeholders
• Solid grasp of relevant compliance frameworks: NIST SP 800-53, CIS Controls, ISO 27001, SOC 2, FedRAMP, StateRAMP
• Excellent problem-solving, organizational, and cross-functional collaboration skills

Nice To Haves

• Certifications such as CISSP, CISM, OSCP, or GIAC GCVS/GCFA
• Experience with automation, scripting, and data analytics (Python, PowerShell, API integration, Splunk, or Elastic dashboards)
• Background in security architecture, red teaming, or exploit development
• Familiarity with vulnerability disclosure programs and coordination with bug bounty platforms
• Experience developing and presenting vulnerability metrics to senior leadership or board-level stakeholders
• Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent experience

Responsibilities

• Own Keeper’s enterprise vulnerability management strategy, governance, and SLAs across all environments
• Build scalable processes for vulnerability discovery, risk scoring, and remediation across multi-cloud and SaaS infrastructure
• Manage vulnerability scanning and asset discovery tools (e.g., Tenable.io) and ensure continuous coverage
• Correlate vulnerability data with threat intelligence and exploit activity to drive risk-based prioritization
• Partner with Engineering, DevOps, IT, and Cloud Operations to ensure timely remediation and SLA adherence
• Integrate vulnerability tracking and remediation into CI/CD and ticketing systems (e.g., Jira, ServiceNow, GitLab)
• Automate scanning, correlation, and reporting workflows using scripting and API integrations
• Develop dashboards and analytics to measure exposure trends and risk reduction progress
• Monitor zero-day vulnerabilities, CISA KEV bulletins, and exploit campaigns to guide proactive mitigation
• Ensure compliance alignment with frameworks such as FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST 800-53
• Communicate vulnerability insights and risk metrics to leadership and key stakeholders
• Mentor engineers and analysts, fostering a culture of precision, accountability, and continuous improvement
• Represent vulnerability management in executive briefings, audits, and public-sector engagements

Benefits

• Medical, Dental & Vision (inclusive of domestic partnerships)
• Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
• Voluntary Short/Long Term Disability Insurance
• 401K (Roth/Traditional)
• A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
• Above market annual bonuses