Jobs · Information Technology · Texas

Vulnerability Management Lead

Saronic Technologies · Austin, TX · 5 days ago
On-siteInformation TechnologyFull-time

Responsibilities

  • Vulnerability Operations
    • Own end-to-end vulnerability lifecycle: discovery, validation, prioritization, remediation tracking, exception management, and verification across cloud, on-prem, container, and embedded Linux environments
    • Operate and optimize enterprise vulnerability scanning platforms for continuous credentialed scanning across servers, endpoints, network devices, containers, and cloud assets; maintain coverage, schedules, and configuration audit policies
    • Integrate vulnerability scanning into CI/CD pipelines to harden build workflows, enforce least-privilege controls, and surface supply chain risks before they reach production
    • Leverage AI-assisted scanning and graph-based enrichment pipelines to accelerate triage, map lateral exposure paths, and prioritize findings by exploitability and mission impact
    • Correlate findings across tools to eliminate noise, reduce false positives, and surface the vulnerabilities that actually matter
  • Prioritization & Remediation Leadership
    • Apply CVSS, CISA KEV, exploit maturity, and asset exposure context — including internet-facing systems, privileged access paths, and classified adjacency — to drive risk-based SLAs and remediation sequencing
    • Partner with software and platform engineering teams to drive timely remediation; own escalation paths for aging critical and high findings
    • Lead critical CVE response: rapid triage, impact assessment, containment guidance, and stakeholder communication for zero-days and actively exploited vulnerabilities
    • Coordinate patching windows and change management across Windows, Linux, network devices, and cloud services
  • Compliance & Reporting
    • Align the VM program to CMMC Level 2/3 requirements; produce audit-ready evidence, POA&Ms, and control effectiveness documentation
    • Deliver executive and operational reporting: exposure trends, SLA performance, mean time to remediate, patch coverage, and remediation velocity
    • Support CMMC assessments and audits with clean, well-documented vulnerability data and remediation history
    • Maintain asset inventory hygiene and scan coverage metrics; ensure classified and sensitive system boundaries are respected in tooling and data handling
  • Program Maturity & Automation
    • Build and mature automation for scan scheduling, finding enrichment, ticket creation, SLA tracking, and reporting — reducing manual overhead as the program scales
    • Define and refine VM policies, procedures, and playbooks including critical CVE response runbooks and patch cadence standards
    • Evaluate and recommend tooling improvements; drive integration across the vulnerability management and broader security stack
    • Mentor and support analysts as the team grows; run tabletop exercises for vulnerability and patching scenarios

    Qualifications

    • 5+ years in cybersecurity with 3+ years of hands-on vulnerability management ownership in hybrid on-prem/cloud environments
    • Deep operational expertise with enterprise vulnerability scanning platforms — credentialed scanning, policy tuning, coverage management, and integration with downstream workflows
    • Strong command of CVE/CVSS scoring, CISA KEV, exploit maturity indicators, and the ability to translate technical risk into business impact for non-technical stakeholders
    • Experience with CI/CD security tooling and supply chain risk management, including build pipeline security principles
    • Proven track record driving remediation accountability across engineering teams — you know how to get vulnerabilities closed, not just report them
    • Experience aligning VM programs to federal or defense compliance frameworks; CMMC, NIST SP 800-171, or NIST RMF experience strongly preferred
    • Metrics-driven: comfortable owning exposure reduction KPIs, SLA adherence, MTTR, and patch coverage dashboards
    • Clear, direct communicator — equally effective in a technical deep-dive and an executive briefing

Similar jobs