Vulnerability Management Manager
Con Edison · New York, NY · 5 days ago
On-siteManagementOther
Responsibilities
- Manage a team of about 9, coach performance and continuously build capabilities through hiring, skills plans and targeted training.
- Provide clear updates to leadership and partner teams, including project status, emerging issues and remediation progress for high severity items.
- Evolve beyond vulnerability patching by connecting vulnerabilities to exposure and threat context.
- Lead end to end intake, triage, prioritization and remediation coordination for system wide vulnerabilities.
- Identify and drive automation opportunities across scan orchestration, remediation ticketing, SLA tracking, and CI/CD pipeline integration to reduce manual effort and improve response time.
- Lead end-to-end tracking, risk assessment, and escalation for emerging critical vulnerabilities, including managing risk exceptions, proposing and documenting compensating controls and maintaining clear status updates.
- Partner with Cloud, platform and engineering stakeholders to reduce cloud risk misconfigurations.
- Triage findings by business impact, exploitability and exposure.
- Work with Application and Engineering Teams to prevent vulnerable code and insecure configurations earlier in the lifecycle. Ensure findings are triaged correctly, assigned owners, and tracked to SLA for remediation, with escalation when remediation is at risk.
- Drive effective Web Application Firewall operations, including rule tuning, validation and quality improvements.
- Cook up response to runtime risks and findings discovered during execution.
- Stand up OT intake, scope, asset coverage, remediation paths and verification.
- Train internal partners on how OT findings are prioritized and handled.
Qualifications
- Required Education/Experience: Bachelor's Degree and 8 years of relevant work experience. or Master's Degree and 6 years of relevant work experience.
- Preferred Education/Experience: Master's Degree Majors preferred in IT, computer science, business administration, engineering or related. and 6 years of relevant work experience.
- Relevant Work Experience: 6+ years in vulnerability management, security operations, application security, system security, or a related field, with proven ownership of triage and remediation workflows, required.
- Proven people leadership experience, including coaching, performance management, hiring and skills development for technical teams, required.
- Strong cloud security fundamentals, especially reducing critical and high-risk resource misconfigurations with stakeholder partners, required.
- Strong application security fundamentals, including shift left and runtime risk management, required.
- Experience leading response for critical vulnerabilities and urgent events, including zero-day response, secrets leakage triage, escalation, containment and validation, required.
- Experience tracking vulnerability and remediation metrics and building dashboards to measure SLA performance, aging, risk reduction and trends over time, required.
- Ability to turn security strategy into measurable operations, including metrics and leadership reporting, required.
- Experience standing up new programs from scratch with clear scope, intake and success criteria, required.
- Experience with CTEM or equivalent exposure management models beyond patching metrics, preferred.
- Practical WAF experience, including rule tuning, validation and improving detection quality, preferred.
- OT environment experience, or strong ability to quickly build OT vulnerability management capability, preferred.
- Experience applying vulnerability management and remediation controls to regulatory and compliance requirements, such as NERC CIP for OT and critical infrastructure, preferred.
- Certifications such as CISSP, CISM, GIAC or equivalent, required.
- Licenses and Certifications: Driver's License Required. Project Management Professional (PMP) Training and/or certification in Project Management is a plus.