Manager - ASM Vulnerability Management - Patching
Deloitte · Costa Mesa, CA · 2 days ago
HybridInformation Technology$135k–$265k/yrFull-time
Responsibilities
- Managing exposure-based remediation and patching activities aligned to CTEM priorities
- Leading vulnerability and patch management operations across infrastructure, middleware, and applications
- Prioritizing remediation activities using threat intelligence, exploitability, attack paths, asset criticality, and exposure data
- Supporting exception management, incident-driven response activities, and process improvements that reduce cyber risk
- Developing client deliverables, contributing to proposals and points of view, and mentoring junior practitioners
Requirements
- 10+ years of experience in information technology, information security, or both
- Experience leading vulnerability management, patch management, or continuous threat exposure management remediation programs
- Experience remediating vulnerabilities across Linux, Windows, middleware, and applications using tools such as BigFix, Microsoft Endpoint Configuration Manager, Red Hat Satellite, Windows Server Update Services, Tenable, Rapid7, or Qualys
- Experience automating remediation workflows using PowerShell, Bash, Python, JavaScript Object Notation, Ansible, Terraform, or a combination of these
- Experience using Information Technology Service Management or configuration management database platforms such as ServiceNow to coordinate remediation and report exposure reduction
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, Information Technology, or a related field
- Experience in a consulting environment or with a Big 4 firm
- Experience with ServiceNow workflows, automation, or orchestration
- Experience with frameworks such as the National Institute of Standards and Technology Cybersecurity Framework, Center for Internet Security, International Organization for Standardization 27001, or Cloud Security Alliance Cloud Controls Matrix
- Experience supporting proposals, statements of work, or work orders