Job
Description
We are looking for a strategic and technically capable Cyber Defense Vulnerability Manager to lead vulnerability management initiatives within our Cyber Defense Operations (CDO) function. Responsible for the vulnerability remediation strategy, aligning with Arms global security standards and running the operational execution of the vulnerability management lifecycle. Responsibilities: Develop and lead strategic vulnerability management and Attack surface management initiatives across teams and geographies. Drive remediation accountability and ensure alignment with business risk profiles. Coordinate integration of threat intelligence and vulnerability scanning and Penetration Testing tools (eg, Tenable, Qualys) with ServiceNow workflows. Define Key Performance Indicators and metrics to govern remediation efficiency and SLA compliance. Collaborate with global teams, including Product Security, Red Team, Threat Intelligence, and Engineering. Provide leadership and mentoring to vulnerability analysts. Champion process automation and tooling enhancements. Drive operational transformation to mature existing processes, procedures and tooling. Lead the response efforts for major vulnerabilities in conjunction with security partners across the business. Act as a senior technical authority, as we'll as an escalation point for advanced response coordination. Scope and perform security reviews of platforms, web applications, mobile applications, and private and public cloud environments. Identify architectural deficiencies and implement vulnerability mitigation strategies to address. Required Skills and Experience: Demonstrable experience leading a vulnerability and Attack Surface management function in a global or enterprise-scale environment. Expertise in platforms like ServiceNow Vulnerability Management, Tenable, and third-party integrations. Sufficient understanding of web technologies to handle Web vulnerabilities. Solid understanding of security governance, frameworks (ISO 27001, NIST), and risk assessment practices. Demonstrated leadership in running multi-functional teams and stakeholder alignment. Ability to articulate security risk and remediation impact to executive audiences. Exposure to Networking, automation, scripting, and API integrations. Specialist technical knowledge spanning security and IT domains to enable a comprehensive response to vulnerabilities of the highest complexity, as we'll as cross organisational incident management. Detailed cyber security threat landscape knowledge and experience in bringing it to bear in response to a vulnerability. Nice To Have Skills and Experience: bachelors or masters in Cybersecurity, IT, or related field! Certifications such as CISSP, CISM, GIAC (GCCC, GCPM), or PMP. Understanding of Agile or DevSecOps practices
