We are seeking a highly skilled and experienced Vulnerability Management (VM) Technical Lead to drive our vulnerability management program from a technical standpoint across multi-cloud and containerized environments. This leadership role demands deep expertise in Common Vulnerabilities and Exposures (CVE), misconfigurations, and exploiting vulnerabilities in cloud platforms and third-party software. The ideal candidate will possess strong knowledge of security vulnerabilities, hands-on experience with cloud platforms (GCP, AWS, Azure), containerized environments, and proficiency in Infrastructure as Code (IaC). In addition, this position will lead vulnerability assessments, remediation efforts, and continuous improvement initiatives, ensuring compliance with industry security standards.Key
Responsibilities
- Leverage various security tools to continuously scan and identify vulnerabilities across multiple environments, including GCP, Azure, AWS, On-prem, and containerized environments.
- Ensure comprehensive vulnerability assessments are conducted to proactively detect risks and address them.
- Understand how deployments occur in an IaC environment and identify where vulnerabilities exist in code repositories (e.g., GitHub).
- Establish strategies for mitigating, preventing, and remediating vulnerabilities within IaC pipelines.
- Evaluate the potential impact of these vulnerabilities on cloud, on-prem, and containerized environments, and propose strategies to prevent exploitation.
- Oversee the security of container images, base images, lambdas, and other entry points for vulnerabilities.
- Implement best practices for securing containerized applications and ensure containers are scanned regularly for known vulnerabilities.
- Conduct thorough root cause analysis to understand underlying issues of identified vulnerabilities or security misconfigurations.
- Develop and implement long-term strategies to prevent recurrence.
- Collaborate with development, operations, and security teams to plan and execute remediation strategies for identified vulnerabilities.
- Ensure timely resolution and that the appropriate patches and fixes are applied.
- Maintain continuous compliance with security frameworks and standards, including NIST, SOC 1/2, ISO, CIS, and other relevant regulatory requirements.
- Regularly report on vulnerability management progress, including identified vulnerabilities, remediation efforts, and security posture improvements.
Required Skills & Experience
- Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
- Minimum of 5 years of experience in vulnerability management, cybersecurity, or related roles, with a focus on containerized environments and cloud infrastructure.
- Extensive knowledge of CVE databases and the ability to assess vulnerabilities in the context of cloud and containerized applications.
- Experience working with cloud platforms such as AWS, Azure, GCP, and on-prem environments.
- Strong understanding of container security, including securing images, registries, and container orchestration platforms (e.g., Kubernetes).
- Proficiency in Root Cause Analysis (RCA) and development of remediation plans.
- Familiarity with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation) and Git-based workflows.
- Knowledge of security compliance standards, including NIST, SOC 1/2, ISO 27001, and CIS.
- Strong analytical and problem-solving skills to identify vulnerabilities, assess risk, and lead the resolution process.
- Excellent written and verbal communication skills. Ability to communicate technical concepts to both technical and non-technical stakeholders.
- Proven leadership abilities to mentor teams, drive initiatives, and collaborate with cross-functional teams to ensure security best practices are followed.