Vulnerability Lead

Job Summary:

We are seeking a highly skilled and experienced Vulnerability Management Cloud Lead to join our team. The ideal candidate will be responsible for leading the organization's vulnerability management infrastructure and processes, ensuring the security and integrity of our cloud environments. This role involves working closely with key stakeholders to create strategies and actionable reporting for the prioritization and timely remediation of vulnerabilities.

Key Responsibilities:

Lead the vulnerability management program, including the delivery of enterprise-wide vulnerability assessments and targeted penetration testing.
Manage the security vulnerabilities and risks across cloud environments, including identifying and supporting application/system owners to manage risks and remediate vulnerabilities.
Perform technical and non-technical risk and vulnerability assessments of relevant technology focus areas.
Analyze site/enterprise Computer Network Defense policies and configurations and evaluate compliance with regulations and enterprise directives.
Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders.
Maintain appropriate management reporting mechanisms to facilitate communication of the vulnerability management program state across multiple levels within the organization.
Work closely with both business-oriented executives and technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
Review reports, assets, and vulnerability state; recommend remediation and validation approaches.
Direct the research of new technologies and work with key stakeholders to assess risk and implement and/or validate controls as necessary.

Qualifications:

Bachelor's degree in Computer Science, Engineering, Information Security, or a related field.
5-7 years of related experience in vulnerability management, cloud security, or a similar role.
Strong understanding of cloud security technologies and best practices.
Experience with vulnerability assessment tools and techniques.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills.
Relevant certifications such as CISSP, CISA, GPEN, GCIH, CISM, CEH, PMP, or OSCP are preferred.

Preferred Skills:

Familiarity with the OWASP framework and the software development lifecycle.
Knowledge of applicable policies, regulations, industry standards, and guidance pertaining to data protection and information security.
Experience with static (SAST) and dynamic (DAST) scanning analysis to understand application threats and vulnerabilities.