Senior Vulnerability Manager

PlanSource
Remote

About The Position

PlanSource is seeking an experienced Senior Vulnerability Manager to lead and mature the enterprise-wide vulnerability management program across infrastructure, cloud, applications, and CI/CD ecosystems. Reporting to the Director of Security Architecture, this role is responsible for operational execution, program maturity, and risk-based remediation, while also contributing to secure architecture strategies and design governance. This role operates at the intersection of program management and hands-on execution, ensuring vulnerabilities are identified, prioritized, remediated, and prevented through secure design and engineering practices.

Requirements

  • 5+ years in information security with 2–3+ years focused on vulnerability management.
  • Deep knowledge of secure coding, infrastructure as code, static/dynamic analysis tools (e.g., Snyk, Veracode, Tenable, Rapid7), container security (e.g., Docker, Kubernetes), and cloud platform security (e.g., Wiz, Orca).
  • Strong understanding of secure coding and DevSecOps practices.
  • Experience in CI/CD integration and developer workflows.
  • Strong cross-functional collaboration and communication skills.

Nice To Haves

  • Industry certifications (CISSP, CCSP, CISM, CSSLP, etc.).
  • Experience in regulated environments (HIPAA, SOC 2, CCPA).
  • Familiarity with penetration testing frameworks and tools.
  • Knowledge of AI/LLM security considerations.

Responsibilities

  • Execute and continuously improve the risk-based vulnerability management program, including procedures, SLAs, and exception processes.
  • Drive program maturity, automation, and continuous improvement initiatives.
  • Track and report SLA adherence, MTTR, backlog trends, and risk reduction metrics.
  • Analyze vulnerability findings and manage remediation workflows based on risk prioritization.
  • Prioritize vulnerabilities using CVSS, EPSS, KEV, threat intelligence, and business context.
  • Coordinate remediation with responsible teams.
  • Build and maintain dashboards for operational and executive reporting and deliver risk trends, root cause analysis, and remediation insights (e.g., Power BI).
  • Analyze vulnerabilities across code, dependencies, scripts, and APIs.
  • Design and manage SAST, DAST, SCA, and SBOM processes.
  • Integrate vulnerability management into QA/UAT and development workflows.
  • Enable shift-left security via CI/CD integrations (e.g., Snyk, Veracode).
  • Analyze platform and infrastructure vulnerabilities including cloud-native risks.
  • Administer, manage, and optimize agent-based, network, and cloud-integrated scanning across environments (e.g., Tenable Nessus, Rapid7).
  • Maintain comprehensive asset inventory and coverage across endpoints, servers, containers, and cloud resources.
  • Integrate vulnerability detection and remediation into CI/CD pipelines.
  • Implement continuous monitoring and validation of pipeline security.
  • Ensure code and artifact integrity along with secure software supply chain practices.
  • Automate remediation wherever possible across pipelines and infrastructure.
  • Participate in architecture and design documentation and reviews.
  • Partner with Engineering and DevOps to ensure secure build, deploy, and supply chain pipelines.
  • Maintain audit-ready evidence supporting frameworks such as HIPAA, SOC 2 and ISO 27001.
  • Support third-party audits, penetration testing, and regulatory compliance efforts.

Benefits

  • Comprehensive health coverage with multiple medical plan options - all covering 100% of in-network preventive care.
  • Employer‑funded Health Savings Account (HSA) - up to $1,000 annually for family coverage.
  • Dental & Vision plans with 100% coverage for routine dental care and $250 vision frame allowance, plus employee-only vision premiums at $0.
  • 401(k) with immediate vesting and a 50% company match up to 6% of contributions.
  • Generous paid parental leave, adoption assistance, and fertility benefits.
  • Flexible PTO, paid holidays, a strong culture of work‑life balance and Flex Fridays in the summer.
  • Mental health & wellbeing support, including Employee Assistance Program (EAP), movement and wellness resources.
  • Rewards and recognition programs that celebrate employees through peer recognition, awards, and quarterly recognition initiatives.