Senior Vulnerability Manager

Belfast, County Antrim, Northern Ireland, GBR
In-Office
Senior level
On-Demand • Security • Software
The Role
Lead and own the enterprise vulnerability management program across cloud, endpoints, and applications: design scanning and automated patching architectures, prioritize risk using CVSS/EPSS/KEV, enforce remediation SLAs, integrate with ITSM/CMDB and CI/CD pipelines, produce executive metrics, mentor staff, and maintain audit-ready evidence.
Summary Generated by Built In

Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

The Senior Vulnerability Management Engineer owns the enterprise vulnerability management program across cloud, endpoint, and application surfaces, driving risk-based identification, prioritization, automated remediation, and verified closure in partnership with IT, Cloud, and Product teams. Operating with minimal guidance, this role combines hands-on technical engineering depth with program ownership—designing and implementing scanning architectures, automated patching workflows, and data pipelines alongside governing the policies, SLAs, and metrics that drive measurable risk reduction. The role leads others to solve complex, cross-domain problems, shapes program methods and measures, and influences adjacent teams to achieve remediation SLAs and reduce measurable exposure. It aligns with company standards for vulnerability governance, remediation schedules, and exception management.
Essential Functions/Responsibilities
• Govern the end-to-end vulnerability management lifecycle—intake, scanning, triage, risk scoring, remediation orchestration, verification, and reporting—in alignment with the company Vulnerability & Patch Management Security Standard.
• Apply CVSS, EPSS, and CISA KEV signals for risk-based vulnerability prioritization; codify triage logic into policy, SOPs, and dashboards.
• Enforce remediation SLAs; manage risk acceptances and time-bound exceptions; report exception aging trends to leadership.
• Drive complete and accurate asset coverage across servers, endpoints, containers, cloud services, and applications; partner with CMDB and asset owners to close inventory gaps.
• Design, administer, and optimize enterprise vulnerability scanners for infrastructure, cloud, container, and application layers; integrate scan results into ITSM workflows for timely remediation.
• Design, implement, and maintain enterprise automated patching capabilities across server, endpoint, and cloud workloads; integrate with change management and ITSM processes; validate patch success rates and drive MTTR reduction aligned to NIST SP 800-40r4.
• Collaborate with Threat Intelligence and Incident Response to dynamically adjust priority queues based on active exploitation, KEV entries, and zero-day disclosures.
• Partner with IT/Cloud Ops and Product/SWE teams to integrate patch and mitigation planning into CI/CD and infrastructure-as-code pipelines; champion automated remediation over manual processes.
• Maintain executive-ready metrics covering exposure, SLA adherence, backlog, exception aging, asset coverage, and patch automation coverage; deliver regular status and risk narratives to Directors and Vice Presidents.
• Tune risk models, scanning frequency, authenticated coverage, change windows, and patch validation methods to continuously reduce exposure and MTTR; lead automation initiatives that eliminate manual toil across the vulnerability lifecycle.
• Serve as a technical resource and mentor for less experienced team members; lead cross-team workstreams and champion engineering best practices and program rigor consistent with senior IC leadership.
• Maintain program evidence—findings, decisions, exceptions, verifications, and patch records—in audit-ready condition to support internal and external compliance reviews.
• Proactively identify, assess, and remediate configuration weaknesses in enterprise SaaS applications and cloud platforms; enforce compliance with security baselines through automated and manual review.
• Other tasks and activities as assigned.
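The triage logic the responsibilities above ask for (CVSS/EPSS/KEV tiering, remediation SLAs, time-bound exceptions, executive metrics, and re-prioritization when Threat Intelligence reports new KEV entries), worked through as an added example. This is not code from the posting or from Black Duck's own tooling: the tier thresholds, the SLA table, the finding fields and the sample findings are all constructed assumptions, and a real program would take them from the company Vulnerability & Patch Management Standard, the scanner export, the EPSS feed and the CISA KEV catalog.

```python
"""Risk-based vulnerability triage with CVSS, EPSS and CISA KEV signals.

Added example. Thresholds, SLA table and sample findings are assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed policy: priority tier -> remediation SLA in calendar days.
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90, "P4": 180}


@dataclass
class Finding:
    finding_id: str
    vuln_id: str            # placeholder identifiers, not real CVE IDs
    asset: str
    cvss: float             # CVSS base score, 0.0-10.0
    epss: float             # EPSS 30-day exploitation probability, 0.0-1.0
    in_kev: bool            # listed in the CISA Known Exploited Vulnerabilities catalog
    internet_facing: bool   # exposure attribute taken from the CMDB
    first_seen: date
    fixed_on: Optional[date] = None
    exception_until: Optional[date] = None   # approved, time-bound risk acceptance


def priority(f: Finding) -> str:
    """KEV membership dominates (proof of exploitation in the wild); EPSS then
    ranks likely-exploited above merely severe; CVSS is the fallback ordering;
    internet exposure lifts a finding one tier."""
    if f.in_kev:
        return "P1"
    if f.epss >= 0.5 or f.cvss >= 9.0:
        return "P1" if f.internet_facing else "P2"
    if f.epss >= 0.1 or f.cvss >= 7.0:
        return "P2" if f.internet_facing else "P3"
    if f.cvss >= 4.0:
        return "P3"
    return "P4"


def sla_due(f: Finding) -> date:
    return f.first_seen + timedelta(days=SLA_DAYS[priority(f)])


def status(f: Finding, today: date) -> str:
    """One of: fixed, excepted, exception_expired, open, overdue."""
    if f.fixed_on is not None:
        return "fixed"
    if f.exception_until is not None:
        return "excepted" if today <= f.exception_until else "exception_expired"
    return "overdue" if today > sla_due(f) else "open"


def summarize(findings, today: date) -> dict:
    """Executive metrics: counts by status, SLA adherence of closed findings,
    and age in days of every unfixed finding carried under an exception."""
    by_status: dict = {}
    closed = on_time = 0
    exception_age = []
    for f in findings:
        s = status(f, today)
        by_status[s] = by_status.get(s, 0) + 1
        if s == "fixed":
            closed += 1
            on_time += f.fixed_on <= sla_due(f)
        elif f.exception_until is not None:
            exception_age.append((today - f.first_seen).days)
    return {"by_status": by_status,
            "sla_adherence": on_time / closed if closed else 0.0,
            "exception_age_days": exception_age}


def apply_kev_update(findings, newly_listed: set) -> list:
    """Re-tier unfixed findings when Threat Intelligence reports new KEV
    entries. Returns (finding_id, old_tier, new_tier) for each that moved."""
    moved = []
    for f in findings:
        if f.vuln_id in newly_listed and not f.in_kev and f.fixed_on is None:
            old = priority(f)
            f.in_kev = True
            moved.append((f.finding_id, old, priority(f)))
    return moved


# Constructed sample data, not real findings.
TODAY = date(2025, 3, 1)
SAMPLE = [
    Finding("F-1", "VULN-A", "db-01",  7.5, 0.30, True,  False, date(2025, 2, 10)),
    Finding("F-2", "VULN-B", "app-01", 9.8, 0.02, False, False, date(2025, 2, 20)),
    Finding("F-3", "VULN-C", "web-01", 5.3, 0.60, False, True,  date(2025, 2, 25)),
    Finding("F-4", "VULN-D", "web-02", 7.2, 0.01, False, True,  date(2025, 1, 1),
            fixed_on=date(2025, 1, 20)),
    Finding("F-5", "VULN-E", "hr-01",  4.5, 0.01, False, False, date(2024, 10, 1),
            exception_until=date(2025, 1, 15)),
    Finding("F-6", "VULN-F", "fs-01",  8.1, 0.05, False, False, date(2024, 11, 15),
            fixed_on=date(2025, 2, 28)),
]
```

Running `summarize(SAMPLE, TODAY)` shows the point of combining the three signals: F-2 (CVSS 9.8, EPSS 0.02, internal) lands in P2, while F-3 (CVSS 5.3, EPSS 0.60, internet-facing) is P1, and F-1 is P1 purely because it is in KEV. F-5 surfaces as `exception_expired` with an age of 151 days, which is the exception-aging figure leadership would see. Calling `apply_kev_update(SAMPLE, {"VULN-B"})` afterwards moves F-2 from P2 to P1 and shortens its SLA to 7 days from first sighting.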
Required Education/Experience & Skills
• 5–7+ years in vulnerability management or closely related cybersecurity/IT engineering roles, operating independently and leading others to solve complex, cross-domain problems.
• Proven hands-on experience with enterprise vulnerability scanning technologies (infrastructure, cloud, container, application), authenticated scanning, and ITSM/CMDB integrations.
• Hands-on design and operation of enterprise automated patching across server, endpoint, and cloud workloads.


Black Duck is an equal opportunity employer. We consider all applicants for employment without regard to race, color, national origin, religion, sex, gender identity or expression, age, disability, sexual orientation, veteran or military service status, or any other characteristic protected by applicable law. Black Duck complies with all applicable laws prohibiting employment discrimination in every jurisdiction where it operates and provides reasonable accommodations to individuals with disabilities in accordance with applicable law.

Skills Required

  • 5-7+ years in vulnerability management or closely related cybersecurity/IT engineering roles
  • Proven hands-on experience with enterprise vulnerability scanning technologies for infrastructure, cloud, container, and application layers
  • Experience with authenticated scanning and integrations with ITSM and CMDB systems
  • Hands-on design and operation of enterprise automated patching across server, endpoint, and cloud workloads
  • Ability to apply CVSS, EPSS, and CISA KEV signals for risk-based prioritization and codify triage logic into policies and SOPs
  • Experience integrating patch and mitigation planning into CI/CD and infrastructure-as-code pipelines
  • Experience producing executive-ready metrics and reporting exposure, SLA adherence, backlog, and automation coverage
  • Experience collaborating with Threat Intelligence and Incident Response to adjust priorities based on active exploitation
  • Experience maintaining audit-ready program evidence to support compliance reviews
  • Experience identifying and remediating configuration weaknesses in enterprise SaaS applications and cloud platforms and enforcing security baselines
  • Proven ability to lead cross-team workstreams, mentor less experienced team members, and champion engineering best practices



The Company
HQ: Burlington, MA
275 Employees
Year Founded: 2002

What We Do

Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, London, Frankfurt, Hong Kong, Tokyo, Vancouver, Seoul and Beijing.

Why Work With Us

We pride ourselves on cultivating an environment of collaboration, creativity, and fun! We know where you work can influence how you work, which is why our collaborative office space focuses on community and continuous learning. Our work-hard, play-hard attitude even got us named a Top Place to Work in Massachusetts by The Boston Globe!
