Title: Vulnerability Manager (Execution-Led, Root-Cause Focused)
Client Location: Remote
Type: Contract
Role Overview:
- The Vulnerability Manager is a hands-on, execution-driven leader responsible for driving enterprise-wide vulnerability remediation through root cause identification, pattern-based fixes, and coordinated execution across application, infrastructure, and security domains.
- Unlike traditional tracking roles, this position actively analyzes systemic vulnerabilities, defines remediation patterns, and guides teams toward scalable fixes, ensuring rapid reduction of risk exposure across the enterprise.
Key Responsibilities:
Vulnerability Governance & Execution Leadership:
- Own end-to-end vulnerability lifecycle: prioritization, remediation, validation, and closure tracking
- Drive centralized orchestration and federated execution across App Build, App Run, Infra, and Security teams
- Establish and enforce execution cadence, dependency management, and SLA adherence
- Ensure continuous validation via re-scan and closure confirmation
Root Cause Analysis & Pattern Identification:
- Go beyond symptom-level fixes to identify systemic root causes across vulnerability classes
- Analyze vulnerability trends (e.g., outdated libraries, misconfigurations, TLS issues, DNS risks)
- Convert recurring issues into standardized fix patterns (e.g., 63 systemic vulnerabilities driving 3000+ findings)
- Collaborate with SMEs (App, Infra, Security) to validate findings and root causes
Fix Recommendation & Solution Design Enablement:
- Define scalable, repeatable remediation strategies (e.g., framework upgrades, config baselines, security control hardening)
- Provide clear fix recommendations and design guidance to execution teams
- Partner with architects to ensure solutions align with enterprise standards and approvals
- Translate security findings into actionable engineering tasks
Cross-Functional Coordination (Taskforce Model):
- Serve as the central bridge between Taskforce and Run teams
- Coordinate:
  - Application teams → code-level fixes (e.g., XSS, libraries)
  - Infrastructure teams → DNS, TLS, network configurations
  - Security teams → WAF/CDN, policies, controls
- Ensure division of responsibility is clear (Taskforce = change-heavy/app fixes; Run teams = platform/config fixes)
Risk-Based Prioritization & Remediation Strategy:
- Prioritize vulnerabilities based on:
  - Exploitability (e.g., known CVEs in libraries such as jQuery and AngularJS)
  - Business exposure (customer data risk, service disruption)
  - Regulatory impact
- Drive wave-based remediation strategies (Critical → High)
- Focus on high-impact vulnerabilities with broad systemic exposure
Metrics, Reporting & Executive Communication:
- Provide clear visibility into risk posture, remediation progress, and residual risk
- Track:
  - Open vs. closed vulnerabilities
  - Root-cause reduction trends
  - Pattern-based remediation impact
- Communicate insights and risks to executive stakeholders in a concise manner
Key Outcomes Expected:
- Near-elimination of critical external vulnerabilities
- Significant reduction in vulnerability volume via pattern-based remediation
- Improved security posture and audit readiness
- Reduced attack surface and operational risk
Required Skills & Experience:
Technical Expertise:
- Strong knowledge of:
  - Application vulnerabilities (XSS, API security, libraries)
  - Infrastructure risks (DNS, TLS/PKI, cloud misconfigurations)
  - Security controls (WAF, CDN, access controls)
- Ability to interpret vulnerability scan outputs (e.g., from IONIX-like platforms) and translate them into action
Analytical & Problem-Solving:
- Proven ability to:
  - Perform root cause analysis across layers
  - Identify patterns across large-scale vulnerability data
  - Design scalable remediation approaches
Leadership & Execution:
- Experience leading cross-functional remediation programs
- Strong coordination skills across distributed teams (Build, Run, Security)
- Ability to drive execution without direct authority
Communication:
- Translate technical issues into business risk and executive-level insights
- Provide clear, actionable fix guidance to engineering teams