Vulnerability Management Lead

Role Overview: 

We are seeking a seasoned Vulnerability Management Lead to oversee and evolve our enterprise-wide threat and vulnerability management program. This role sits at the intersection of security operations and strategic program leadership — responsible for driving systematic identification, assessment, prioritization, and remediation of vulnerabilities across a complex global environment spanning on-premises infrastructure, cloud platforms, and hybrid deployments.

The ideal candidate brings both hands-on technical depth and the leadership acumen to engage stakeholders at all levels, from engineering teams executing remediations to executives requiring clear risk summaries. This is a high-impact position for someone passionate about operational excellence and continuous program improvement.

Key Responsibilties: 

•     Own the end-to-end vulnerability management lifecycle across enterprise environments including Windows and Linux operating systems, network infrastructure, cloud platforms (AWS and Azure), containerized applications, and digital certificate management.

•     Execute and oversee ongoing vulnerability scanning, risk prioritization, and structured remediation workflows across cloud and on-premises systems, applying recognized industry frameworks and security best practices.

•     Develop and maintain a metrics and reporting framework to measure program maturity, track remediation SLAs, and communicate risk posture to internal and external stakeholders — leveraging automation to reduce manual effort and improve accuracy.

•     Serve as the internal subject matter authority on vulnerability risk, providing guidance to both technical and non-technical teams on threat impact, exploitability, and remediation options — including endpoint protection, network-level controls, and cloud-native security mechanisms.

•     Build and maintain collaborative working relationships with cross-functional and global teams to ensure vulnerability risks are clearly communicated, tracked, and resolved in alignment with organizational risk appetite.

•     Lead root cause analyses following security events or remediation gaps, and produce clear executive-level reports summarizing findings, risk exposure, and recommended courses of action.

•     Support day-to-day program operations including documentation upkeep, policy and procedure development, and participation in incident response activities as required.

•     Continuously assess and improve program tooling, processes, and detection capabilities to stay ahead of the evolving vulnerability landscape and organizational scale.

•     Plan and coordinate security testing and validation exercises — including scan coverage reviews, finding validation, and remediation verification — across applications, infrastructure, and data environments.

•     Prepare and deliver SLA-aligned, volume-based, and risk-tiered reporting for internal leadership and external stakeholders as required.

Qualifications: 

•     Bachelor's degree in a relevant field with 5+ years of progressive experience in information security, with a focus on vulnerability management or security operations.

•     Demonstrated hands-on proficiency with enterprise vulnerability scanning platforms such as Rapid7, Qualys, Tenable, or Armis; familiarity with SIEM tooling, ticketing/workflow systems (e.g., ServiceNow Vulnerability Response), and hybrid cloud security environments (AWS, Azure).

•     Proven track record leading vulnerability management functions — including full-cycle scanning operations, risk communication, and remediation tracking across diverse technology environments.

•     Working knowledge of data visualization and reporting platforms such as Wiz, Snowflake, or Power BI, with strong proficiency in Excel and PowerPoint for stakeholder reporting and analysis.

•     Scripting experience in Python or PowerShell is an asset, particularly for automation of vulnerability workflows and process optimization.

•     Familiarity with security and compliance frameworks such as NIST CSF or ISO 27001 is beneficial.

•     Strong organizational skills with the ability to manage competing priorities independently while contributing effectively within collaborative team settings.

•     Exceptional communication skills — able to translate complex, technical vulnerability findings into business-relevant language for executive and non-technical audiences.