Manager, Vulnerability Management

Marriott Bonvoy

Location:
United States, Bethesda

Contract Type:
Not provided

Salary:

96000.00 - 161500.00 USD / Year

Job Description:

The Manager, Vulnerability Management, functions as a technical expert in vulnerability scanning and remediation tracking. The role will be responsible for identifying vulnerabilities through vulnerability scanning and ensuring remediation through assessment and reporting. The role will also maintain the evaluation process and identify areas for process improvement to ensure the inclusion of appropriate elements of quality and compliance with security policy and regulations. The role will help with enterprise vulnerability scanning and will be able to create and manage integrated assessments. This role is for a technical expert who can monitor and assess vulnerability scanning data. It requires the ability to communicate with technical and non-technical stakeholders, relaying the importance of vulnerability management activities, the risks presented by findings, and potential remediation actions. This role requires a working knowledge of security and network protocols, system and network administration, and configuration management.

Job Responsibility:

  • Provide technical leadership to the information vulnerability management process, including developing and managing remediation activities
  • Identify, triage, and prioritize vulnerabilities and associated remediation and mitigation activity using multiple sources of vulnerability, threat, and asset data
  • Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities for which complete remediation does not exist, on both individual assets and on multi-asset solutions and environments
  • Use internal solutions to report on open vulnerabilities, remediation progress, remediation compliance, and vulnerability metrics for use by technical, management, and executive stakeholders
  • Perform planned and ad-hoc vulnerability scanning, determine remediation options and track remediation to completion
  • Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and resolution of security risk and incidents
  • Assist in the direction of third-party vendors' activities to include prioritizing work, developing processes to govern such activities, and reporting on the status, type, and effectiveness of those activities
  • Create, maintain, and mature vulnerability management processes and related documentation
  • Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders
  • Work proactively with IT Infrastructure partners with respect to strategic and tactical plans for information security
  • Educates internal and external users of security technologies to continually improve the knowledge and skill base of the organization on how best to manage security configuration, patch management and vulnerability management within the infrastructure services
  • Participates in the evaluation and selection of security services products
  • Promotes the benefits of security services to the organization and educates the team on security concepts
  • Trains and/or mentors other team members, and peers as appropriate
  • Provides financial input on department or project budgets, capital expenditure or other cost/resource estimates as requested
  • Identifies opportunities to enhance the service delivery processes
  • Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
  • Maintains a proper balance between business and operational risk
  • Follows the defined project management standards and processes

Requirements:

  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 5+ years of experience in information security that also includes background and knowledge of general security concepts such as defense in depth, least privilege, etc.
  • 2+ years’ experience with: Vulnerability scanning and assessment using Tenable VM or Tenable Security Center
  • Vulnerability assessment and reporting, including comprehensive understanding of Vulnerability Management methodologies and procedures, threat assessment, and remediation management
  • Implementing, managing or using enterprise vulnerability assessment technologies, including Tenable.io, Tenable Security Center, or similar vulnerability solutions, is required

Nice to have:

  • Current information security certification, including Certified Information Systems Security Professional (CISSP), GIAC certification, or Certified Information Security Manager (CISM)
  • Technical leadership experience in sourced and contractor environments
  • Experience managing or operating enterprise vulnerability management in a large commercial enterprise
  • Experience working in a multi-cloud enterprise environment
  • Ability to understand and manipulate large data sets to provide analysis and reporting
  • Experience with workflow solutions, including ServiceNow and Jira
  • Experience working on medium-to-large projects involving multiple teams in a technical lead role within an enterprise environment
  • Experience with managing technical aspects of various controls frameworks, such as NIST Security and Privacy Controls and PCI-DSS
  • Familiarity with attack and exploitation techniques involving operating systems, applications, and devices commonly seen in an enterprise environment
  • Excellent communication skills and problem-solving ability
  • Demonstrated ability to work independently and with others
  • Technical infrastructure operations, administration, or engineering background
  • Understanding of Agile workflow management, including sprints and Kanban

What we offer:

  • 401(k) plan
  • stock purchase plan
  • discounts at Marriott properties
  • commuter benefits
  • employee assistance plan
  • childcare discounts
  • coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance
  • paid sick leave
  • PTO
  • holidays

Additional Information:

Job Posted:
April 11, 2026

Expiration:
April 21, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Manager, Vulnerability Management

Director, Vulnerability Management

The Director of Vulnerability Management takes full accountability for running t...
Location:
United States, Philadelphia
Salary:
Not provided
Comcast
Expiration Date:
Until further notice
Requirements:
  • 6-8 years experience of leading, mentoring, and growing high-performing teams within the vulnerability management domain
  • Proven experience managing vulnerability management programs at enterprise scale
  • Ability to respond quickly to emerging vulnerabilities and implement immediate remediation measures
  • Comfortable operating under high-pressure conditions with competing priorities
  • Strong technical expertise in vulnerability management platforms and scanning technologies
  • Executive presence with the ability to engage and influence senior leadership effectively
  • Expertise in reporting and metrics to drive accountability and transparency
  • Strong problem-solving and analytical skills to assess risk and develop mitigation strategies
  • Ability to lead complex projects and collaborate across multiple business units
  • Bachelor's Degree
Job Responsibility:
  • Leads projects, or delegates and supervises project leaders, for security initiatives involving the hardware and application systems
  • Leads and is accountable for scanning operations, data and metrics, and leading projects in the overall VM landscape
  • Maintain, configure and operate the vulnerability management platforms to optimal levels
  • A strong focus on reporting and metrics to ensure that risk is constantly being addressed and programs are in place to continuously improve the security posture of Comcast from a vulnerability management perspective
  • A strong and confident people leader that aligns to Comcast values and helps to coach, mentor and grow the team
  • Works in close alignment with internal Security Development Lifecycle (SDL) coaches and our security leads to help drive down vulnerabilities across the enterprise
  • Collaborates with other Information Technology departments and key business areas to ensure information security requirements are defined, documented, tested and delivered as part of project deliverables
  • Performs sophisticated analytical tasks to assess risk and determines strategies required to resolve issues, accurate technical security problems, or mitigate risk
  • Assists in the preparation of budgets and forecasts
  • Selects, develops and evaluates personnel to ensure efficient operations within department
What we offer:
  • Paid Time off
  • Physical Wellbeing benefits
  • Financial Wellbeing benefits
  • Emotional Wellbeing benefits
  • Life Events + Family Support benefits
Employment Type:
Fulltime

Vulnerability Management Technical Lead

The role includes managing and optimizing vulnerability management workflows usi...
Location:
India, Bengaluru
Salary:
Not provided
Sopra Steria
Expiration Date:
Until further notice
Requirements:
  • 4 to 8 years of experience
  • engineering graduate - preferably B.E./B.Tech in IT or Computer Engineering
  • strong analytical skills
  • experience with security information and event management (SIEM) tools
  • ~5 years of experience in information security, specifically in end-to-end vulnerability management with 2-3 years hands-on Rapid7 experience
  • advanced degrees or certifications preferred
  • knowledge of current cybersecurity trends, threats, and techniques
  • understanding of regulatory requirements
  • ability to work independently and collaboratively
  • good interpersonal and communication skills
Job Responsibility:
  • ensure that Rapid7 is fully and effectively implemented
  • assist with design, implementation, and optimization of automated tagging workflows
  • build and refine InsightVM dashboards and reports for insights
  • integrate Rapid7 with external systems for accurate asset context and automated remediation ticket creation
  • collaborate with IT teams to reduce false positives and orphaned assets
  • implement and support scan scheduling and tuning
  • assist in risk acceptance workflows
  • troubleshoot scan and synchronization issues
  • drive process improvements in vulnerability management workflow
  • deliver security reports and presentations
What we offer:
  • inclusive and respectful work environment
  • positions open to people with disabilities
Employment Type:
Fulltime

Vulnerability Management Specialist

We are seeking one Vulnerability Management Specialist w/ English for our client...
Location:
Portugal, Porto
Salary:
Not provided
Inetum
Expiration Date:
Until further notice
Requirements:
  • Minimum 5 years’ experience in IT field
  • Wide vision on IT field
  • Cybersecurity knowledge/experience is a plus
  • Very good oral and written English
  • Produce regular and on demand reports about all topics
  • MS Excel advanced knowledge
Employment Type:
Fulltime

Senior Backend Engineer (Golang) Security & Vulnerability Management

Endor Labs is on a mission to enhance developer productivity and accelerate open...
Location:
India, Bengaluru
Salary:
Not provided
Endor Labs
Expiration Date:
Until further notice
Requirements:
  • Bachelor's degree in engineering with 6-8 years of experience building scalable backends for product/SaaS companies
  • At least 3-years experience in Golang programming with a focus on microservices/distributed architecture
  • Triaging, prioritizing and resolving vulnerabilities reported for containers and application-level dependencies, as well as solid knowledge of common standards in this space, e.g., CVE, CVSS, OVAL or PURL
  • Using two or more package managers of different ecosystems (e.g., Java/Maven, Node.js/npm or Debian/APT) for pulling and publishing artifacts, esp. in combination with company-internal registries, plus an understanding of their respective dependency specification formats, resolution algorithms and versioning conventions/formats
  • Practical experience in designing APIs with one or more frameworks (gRPC [preferred], ReST, GraphQL, Thrift, etc.)
  • Ability to build and design technical solutions from scratch and your code and documentation can be used as an example for coding best practices at Endor
  • Scalable Distributed System Experience - understand micro-services and domain-driven design, load balancing, horizontal/vertical scaling, and stateless architectures
  • Architecture - knowledge of data structures and a keen eye for building architectures that scale and extend easily for longevity
  • Apply data-driven techniques to evaluate and propose architectural choices
  • Ability to discuss tradeoffs between architecture’s choice to influence groups to move in the right direction
Job Responsibility:
  • Architect and build the core backend infrastructure for SaaS products
  • Design, architect, and build features end-to-end while working closely with Product Management and the engineering team
  • Ensure scalability, reliability, and performance of systems
  • Drive innovation, make critical architectural decisions, and lead the implementation of cutting-edge technologies
  • Troubleshoot distributed systems and solve root causes.
Employment Type:
Fulltime

Vulnerability Reporting Lead

Within CISO, the Vulnerability Operations Team is responsible for managing and i...
Location:
Hungary, Budapest
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • 5+ years in vulnerability management or information security reporting functions
  • Strong project management skills
  • Familiar with management of development items in Jira
  • Strong communication skills
  • Familiarity with Vulnerability Assessment tools, e.g., Nessus, Qualys, etc.
  • OS Security, e.g., Unix, Linux, Windows, Cisco, etc.
  • Web application infrastructure, e.g., Application Servers, Web Servers, Databases
  • Web development and programming languages i.e., Python, Perl, Ruby, Java, and/or .Net
  • Business Intelligence tools
  • SQL scripting and advanced Excel skills
Job Responsibility:
  • Drive vulnerability reporting and engagement program enhancements
  • Rationalize tooling and initiatives for vulnerability lifecycle management and reporting
  • Develop relationships with sectors to resolve aging critical vulnerabilities on assets within Citi
  • Prioritize various business requirements for enhancements to vulnerability management program
  • Analyze data to identify trends, opportunities and deliver audit/regulatory deliverables
  • Work with vulnerability lifecycle managers, Asia and Europe-based operations and application support teams to analyze requirements, design and develop specs and manage data which supplies information to all vulnerability threat reporting and analysis
  • Lead Europe-based level one support team, responsible for basic troubleshooting and providing clarity to data consumers on steps required for vulnerability remediation
  • Implement identified process improvements
What we offer:
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
Employment Type:
Fulltime

Cyber Security Engineer

Cyber Security Engineer position at Sopra Steria, a major Tech player in Europe ...
Location:
India, Noida
Salary:
Not provided
Sopra Steria
Expiration Date:
Until further notice
Requirements:
  • Governance - Security Operational Tasks support & governance. Compliance and Risk Management
  • Vulnerability Management - vulnerability (infra and app) scans and remediation plans
  • SMP (Security Management Plan) - preparing, reviewing and managing
  • Authorisation management - should have managed the accounts & controls in the Infra scope
  • Security Patch management - end-to-end coordination and implementation
  • Security product management - Antivirus Management, like TrendMicro, Defender, etc...
  • Security incident management - Managing the end-to-end security incident lifecycle with corrective measures
  • Audit support - support auditors' mandate on the security system and artefacts
  • Mitigation - thinking analytically and executing efficiently. Analyse and optimise orchestration and automation between security tools
  • Vendor Management, Collaboration, Facilitation - Excellent customer-facing skills and significant experience building strong client relationships
What we offer:
  • Commitment to fighting against all forms of discrimination
  • Inclusive and respectful work environment
  • Open to people with disabilities
Employment Type:
Fulltime

Head of cyber threat exposure and attack surface management

Lead the enterprise-wide Continuous Threat Exposure Management (CTEM) strategy, ...
Location:
United Kingdom, Knutsford
Salary:
Not provided
Barclays
Expiration Date:
Until further notice
Requirements:
  • Experience in cybersecurity with direct exposure to vulnerability management, red teaming, or threat exposure reduction
  • Proven track record leading programs integrating CSPM, SSPM, ASM, BAS, or exposure correlation technologies
  • Strong understanding of attack paths, adversary emulation, and continuous validation concepts
Job Responsibility:
  • Own and drive the global CTEM strategy, establishing a continuous, threat-driven exposure management lifecycle aligned with NIST, MITRE, and CISA Secure-by-Design principles
  • Lead and develop a high-performing CTEM team, fostering collaboration, technical excellence, and an outcome-driven culture
  • Integrate and oversee key exposure management technologies, including Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Attack Surface Management (ASM), Breach & Attack Simulation (BAS), and other exposure correlation platforms
  • Correlate assets, identity, vulnerability, and configuration to identify high-impact, exploitable attack paths and inform prioritized remediation strategies
  • Collaborate with Application Security, Vulnerability Management, Red Team, and Security Operations to synchronize discovery, validation, and remediation of exposures across the enterprise
  • Align CTEM outputs with real-world adversary behaviors, leveraging Red Team and Threat Intelligence input to validate attack paths and focus on exploitable conditions
  • Drive automation and AI-enabled analytics to continuously map, assess, and measure reductions in the organization’s attack surface
  • Translate technical findings into business risk language, enabling senior leadership and risk committees to make data-driven investment decisions
  • Define and lead CTEM governance and operating models, ensuring exposure assessments, validation, and remediation tracking are embedded in operational processes
  • Establish clear KRIs and maturity metrics that demonstrate continuous improvement in visibility, validation, and response effectiveness
What we offer:
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
Employment Type:
Fulltime

Cybersecurity Red Team Project Manager

The Cyber Security Project Manager focuses on coordinating penetration testing p...
Location:
Belgium, Brussels
Salary:
Not provided
Sopra Steria
Expiration Date:
Until further notice
Requirements:
  • Technical expertise in system security vulnerabilities, remediation techniques, and network/web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP)
  • experience in network, web application, and mobile penetration testing
  • familiarity with penetration testing tools and suites (e.g., Kali Linux, Burp Suite, Metasploit, Cobalt Strike, Mimikatz)
  • understanding of vulnerability scoring systems (CVSS) and frameworks (MITRE ATT&CK)
  • software development skills (C/C++, Java, Python) are advantageous
  • at least one relevant security certification (e.g., CEH, GPEN, GXPN, OSCP, OSC, or equivalent).
Job Responsibility:
  • Coordinate all project activities with internal stakeholders (Lead Penetration Tester, Awareness Expert, Technical Quality Manager) and the customer
  • plan and execute penetration testing tasks, including scoping meetings and drafting the penetration testing plan
  • prepare and control access rights for penetration tests
  • refine and manage the security test calendar/schedule, ensuring tasks are executed according to plan
  • proactively inform stakeholders (e.g., ECB) about issues such as delays, resource unavailability, or other factors affecting testing or timelines
  • oversee quality assurance for penetration tests, including reviewing penetration testing reports
  • coordinate threat-based testing with the Lead Penetration Tester and awareness sessions with the Awareness Expert
  • support process improvement and documentation of vulnerability management in collaboration with the Technical Quality Manager
  • facilitate stakeholder communication and ensure completeness of handovers and knowledge transfer between resources.
What we offer:
  • Mobility options (including a company car)
  • insurance coverage
  • meal vouchers
  • eco-cheques
  • continuous learning opportunities through the Sopra Steria Academy
  • the opportunity to connect with fellow Sopra Steria colleagues at various team events.
Employment Type:
Fulltime