Technical Manager Cyber Vulnerability Management

About

Lead end-to-end enterprise Cyber Vulnerability Management operations covering infrastructure, cloud & application security domains.

Responsibilities

• Manage application security tools such as Checkmarx (SAST) and Invicti (DAST), including onboarding new applications, configuring and fine‑tuning scans, setting up authentication, enforcing security policies, and ensuring vulnerabilities are tracked and remediated properly.
• Ensure Wiz cloud security findings are automatically routed into enterprise tools like ServiceNow and SIEM for tracking and remediation, focusing on high‑risk exposures such as internet‑facing systems and identity or data misconfigurations.
• Embed secure SDLC controls including PR checks, severity thresholds, release gates, exception processes, and time‑bound risk waivers.
• Develop executive‑level dashboards covering MTTR, SLA adherence, aging vulnerabilities, recurring CWEs, DLP incident trends, and overall risk posture.
• Mentor analysts and engineers, manage cross‑functional remediation backlogs, and collaborate with Infra, DevOps, Compliance, and Security leadership to drive measurable risk reduction.
• Act as primary point of contact for Rapid7 platform management including scan configuration, asset tagging, authentication scans, dashboards, risk scoring models, remediation projects, and executive reporting.
• Perform advanced vulnerability data analysis across Windows, Linux, AIX, middleware, databases, cloud workloads, and containerized environments; prioritize risk using business impact and exploitability context.
• Conduct root‑cause analysis of recurring vulnerabilities and drive systemic improvements in patching cadence, hardening baselines, and configuration management.
• Oversee validation of remediation through verification scans, differential analysis, SLA tracking, and risk acceptance governance.
• Lead Microsoft Purview DLP operations including monitoring, investigation, tuning of policies, sensitivity labels, insider risk indicators, and false‑positive reduction.
• Establish and govern AI security controls across M365 Copilot, Power Platform, and third‑party AI integrations ensuring data protection and policy compliance.

Requirements

• Minimum years of experience as a Technical Manager in Cyber Vulnerability Management.
• Industry certifications such as CISSP, CISM, or CRISC.
• Technical certifications in vulnerability and cloud security (e.g., GIAC GPEN/GMON, AWS/Azure Security, or equivalent).
• Microsoft Security certifications related to Purview, Information Protection, or Security Operations.
• Formal training or certification in Secure SDLC, DevSecOps, or Application Security (e.g., CSSLP, GWAPT, or equivalent).