Vulnerability & Application Security Manager

Sysco

Location:
United States, Houston

Contract Type:
Not provided

Salary:
Not provided

Job Description:

We are seeking a hands-on and strategic Vulnerability & Application Security Manager to lead and evolve our security posture across infrastructure and applications. This role is ideal for a technically proficient leader who thrives on solving complex security challenges, actively engages in day-to-day operations, and continuously identifies opportunities to mature and scale our security programs.

Job Responsibility:

  • Scanning, assessment, prioritization, remediation coordination, and tool management (e.g., Tenable, Wiz, Armis)
  • SDLC integration, SAST/DAST/SCA scans, threat modeling, secure coding collaboration, bug bounty management
  • Identifying gaps, implementing automation, improving processes, staying current with threats and technologies
  • Developing dashboards and tracking remediation progress, vulnerability trends, and risk posture
  • Ensuring adherence to OWASP, NIST, PCI-DSS, HIPAA, and other relevant frameworks
  • Mentoring staff, leading analysts/engineers, fostering growth and collaboration

Requirements:

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field
  • 7+ years of experience in cybersecurity, with at least 2 years in a leadership role or vulnerability management
  • CISSP, CISM, OSCP, or GIAC, or equivalent
  • Strong knowledge of vulnerability management tools (e.g., Tenable, Wiz, Armis)
  • Proven hands-on experience with vulnerability management and application security tools and techniques
  • Familiarity with CVSS, MITRE ATT&CK, and threat modeling
  • Experience with cloud platforms (AWS, Azure, GCP) and container security
  • Excellent communication, analytical, and project management skills

Nice to have:

  • 10+ years of experience in cybersecurity, with at least 4 years in a leadership role or vulnerability management

Additional Information:

Job Posted:
December 26, 2025

Employment Type:
Fulltime

Similar Jobs for Vulnerability & Application Security Manager

Engineering Manager, Offensive Security & Vulnerability Management

Robinhood’s Security Operations team is seeking a strategic and technical Senior...
Location:
United States, Menlo Park
Salary:
217000.00 - 255000.00 USD / Year
Robinhood
Expiration Date:
Until further notice
Requirements:
  • 5+ years of experience in security
  • 3+ years managing technical teams in Offensive Security, Red Teaming, or Vulnerability Management
  • Strong technical foundations in adversary simulation, threat modeling, and vulnerability lifecycle management
  • Strategic thinking, translating offensive findings and vuln data into business risk language and operational improvements
  • Experience building and scaling automated security validation (e.g. Purple teaming, attack simulation, continuous testing frameworks)
  • Operating in complex challenging environments and networks
  • Influence across functions and driving remediation outcomes without direct authority
Job Responsibility:
  • Lead the Offensive Security team in planning and executing red team operations, internal penetration tests, and adversary emulation campaigns
  • Oversee the Vulnerability Management team responsible for running our bug bounty program as well as continuous discovery, triage, and remediation of vulnerabilities across infrastructure, applications, and cloud environments
  • Define and drive the strategy for Autonomic Security Operations, investing in automated testing and validation pipelines that codify security knowledge and detection coverage
  • Partner closely with engineering, product, threat intelligence and detection & response stakeholders to ensure controls are continuously tested and vulnerabilities are effectively surfaced
  • Build processes, tooling, and dashboards to track and communicate vulnerability and control assurance metrics to stakeholder and leadership
  • Contribute to long-term security planning by identifying control gaps, operational bottlenecks, and opportunities to scale security through automation
What we offer:
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
Employment Type:
Fulltime

Security and Application Security Engineer

Beacon Technologies is seeking a Security and Application Security Engineer. The...
Location:
United States, Las Vegas
Salary:
Not provided
Beacon Technologies
Expiration Date:
Until further notice
Requirements:
  • Minimum of five years of Information Security experience with at least two years of application-level security
  • Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
  • Familiarity with Security Best Practices in common coding languages
  • Application Penetration Testing / API Security Testing
  • Software Development Life Cycle Design and Implementation
  • Static and Dynamic Application Testing Tools and Methods
  • Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
  • Familiarity with Application Security Testing Frameworks such as OWASP
  • Strong logical and analytical thinker
  • exceptional skills in security systems solutions
Job Responsibility:
  • Operate as a liaison between the Security Team and the Development Teams
  • Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
  • Supporting incident response and architecture review whenever applications security expertise is needed
  • Integrating threat modeling practices into the SDLC
  • Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
  • Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary.
What we offer:
  • Career advancement opportunities
  • extensive training
  • excellent benefits including paying for health and dental premiums for salaried employees.
Employment Type:
Fulltime

Senior Backend Engineer (Golang) Security & Vulnerability Management

Endor Labs is on a mission to enhance developer productivity and accelerate open...
Location:
India, Bengaluru
Salary:
Not provided
Endor Labs
Expiration Date:
Until further notice
Requirements:
  • Bachelor's degree in engineering with 6-8 years of experience building scalable backends for product/SaaS companies
  • At least 3-years experience in Golang programming with a focus on microservices/distributed architecture
  • Triaging, prioritizing and resolving vulnerabilities reported for containers and application-level dependencies, as well as solid knowledge of common standards in this space, e.g., CVE, CVSS, OVAL or PURL
  • Using two or more package managers of different ecosystems (e.g., Java/Maven, Node.js/npm or Debian/APT) for pulling and publishing artifacts, esp. in combination with company-internal registries, plus an understanding of their respective dependency specification formats, resolution algorithms and versioning conventions/formats
  • Practical experience in designing APIs with one or more frameworks (gRPC [preferred], ReST, GraphQL, Thrift, etc.)
  • Ability to build and design technical solutions from scratch and your code and documentation can be used as an example for coding best practices at Endor
  • Scalable Distributed System Experience - understand micro-services and domain-driven design, load balancing, horizontal/vertical scaling, and stateless architectures
  • Architecture - knowledge of data structures and a keen eye for building architectures that scale and extend easily for longevity
  • Apply data-driven techniques to evaluate and propose architectural choices
  • Ability to discuss tradeoffs between architecture’s choice to influence groups to move in the right direction
Job Responsibility:
  • Architect and build the core backend infrastructure for SaaS products
  • Design, architect, and build features end-to-end while working closely with Product Management and the engineering team
  • Ensure scalability, reliability, and performance of systems
  • Drive innovation, make critical architectural decisions, and lead the implementation of cutting-edge technologies
  • Troubleshoot distributed systems and solve root causes.
Employment Type:
Fulltime

Director of Application Security

Hewlett Packard Enterprise is seeking a Director of Application Security to defi...
Location:
United States
Salary:
164500.00 - 398500.00 USD / Year
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements:
  • 10+ years of experience in cybersecurity, with at least 5+ years leading an application security function
  • demonstrated experience working at an enterprise-level organization with large-scale systems, processes, or operations
  • proven success in building and scaling application security programs in large, complex technology environments
  • deep understanding of secure software development practices, DevSecOps, and CI/CD tooling
  • threat modeling, code analysis, and vulnerability management
  • OWASP Top 10, SANS Top 25, and modern application security risks
  • experience with risk management frameworks (NIST CSF, ISO 27001, etc.) and regulatory requirements (SOX, GDPR, HIPAA, etc.)
  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
  • CISSP, CSSLP, or other relevant security certifications preferred.
Job Responsibility:
  • define and execute the enterprise application security strategy aligned with business objectives and regulatory requirements
  • build, mentor, and grow a high-performing Application Security team
  • act as a trusted security advisor to engineering and product executives
  • develop and mature programs for secure software development
  • establish policies, standards, and patterns to deliver secure products at scale
  • partner with engineering, DevOps, and cloud teams to embed security tooling into CI/CD pipelines
  • lead developer outreach efforts
  • engage with product management to incorporate security requirements into roadmaps
  • drive the integration of an application security risk register
  • measure and report on the maturity and effectiveness of the AppSec program using KPIs and KRIs
What we offer:
  • comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • investment in personal and professional development
  • programs catered to career growth
  • unconditional inclusion
  • flexibility to manage work and personal needs.
Employment Type:
Fulltime

Application Manager

The Application Manager is responsible for taking ownership of SaaS application ...
Location:
Hungary, Budapest
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • 3-5 years of relevant experience
  • Experience in managing and implementing successful projects
  • Solid grasp of industry vulnerability ratings and classifications
  • Ability to take ownership and make technical decisions on a wide range of compliance and functional requirements
  • Skill in managing unexpected and urgent matters in a rapidly evolving environment
  • Experience with dependency management, change management, and audit/compliance requirements
  • Outstanding aptitude in task and deadline management
  • Demonstrated leadership skills, especially in circumstances when ‘leading without authority’ is required
  • Consistently demonstrates clear and concise written and verbal communication in English
  • Microsoft365 proficiency
Job Responsibility:
  • Working with a team of Applications Development professionals to accomplish established goals and conduct personnel duties for team (e.g. performance evaluations, training and development, hiring and disciplinary actions) as well as act as an advisor or coach to mid-level developers and analysts
  • Leverage skills across multiple teams ensuring compliance with all Citi policies
  • Develop a sound familiarity with multiple information security domains and how they are implemented at Citi
  • Drive a wide range of tasks from scheduling vulnerability assessments and working with external parties to have all findings remediated, coordinating continuity of business testing, maintaining identity and access management best practices, and ensuring that AI/ML risk remains within Citi’s risk appetite
  • Utilize in-depth specialty knowledge of applications development to analyze complex problems/issues, provide evaluation of business processes, system processes, and industry standards, and make evaluative judgement
  • Contribute to planning, formulation of procedures, and process development, negotiating with external parties when necessary
  • Prioritize vulnerability remediation for internally hosted assets
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
What we offer:
  • Global Benefits
  • We bring the best to our people. We put our employees first and provide the best-in-class benefits they need to be well, live well and save well.
Employment Type:
Fulltime

Application Security Engineer

In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap fo...
Location:
India, Hyderabad
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements:
  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 5+ years of experience in application security, including hands-on experience with security testing tools and techniques
  • Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities and secure coding practices
  • Experience with security testing tools such as Burp Suite, OWASP ZAP, and code analysis tools like SonarQube or Checkmarx, Snyk
  • Proficiency in at least one programming language (e.g., Java, Python, JavaScript) and ability to review and understand code
  • Familiarity with software development methodologies (e.g., Agile, DevOps) and their impact on security practices
  • Excellent analytical and problem-solving skills, with attention to detail
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams
  • Certifications such as CISSP, CEH, or CASE (Java), or equivalent
  • Demonstrated ability to work independently and prioritize tasks in a fast-paced environment
Job Responsibility:
  • Conduct thorough security assessments of applications, identifying vulnerabilities and weaknesses in code, architecture, and configurations
  • Collaborate closely with development teams to integrate security best practices into the software development lifecycle (SDLC) and ensure secure coding standards are followed
  • Perform regular security testing, including static code analysis, dynamic application scanning, and penetration testing, to identify and mitigate security risks
  • Analyze security incidents and provide timely response and remediation actions to mitigate potential threats
  • Develop and maintain security documentation, including security requirements, design documents, and security testing reports
  • Assist in the design and implementation of security controls and mechanisms to protect sensitive data and critical systems
  • Stay up-to-date with emerging security threats and industry best practices, and recommend security enhancements and controls accordingly
  • Provide security guidance and support to cross-functional teams, including developers, architects, and project managers
  • Participate in security reviews and audits, ensuring compliance with security policies, standards, and regulatory requirements
  • Collaborate with third-party vendors and partners to assess the security posture of integrated systems and applications
What we offer:
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
Employment Type:
Fulltime

Application Security Tech Lead

The position is a cross-functional role that will be responsible for various App...
Location:
United Kingdom, London
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • Bachelor's Degree with 4 - 6 years' experience in web application development or application code review
  • Experience as a technical lead or manager
  • Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc)
  • Experience using or testing cloud platforms (AWS, Google, Azure, etc) and security in/of the cloud
  • Understanding of security, web-based and infrastructure vulnerabilities
  • Experience in source code management, build and deployment technologies such as RLM, uDeploy, Jenkins, Artifactory, Maven, GitHub, etc
  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience
  • Understanding of Snyk, Checkmarx, CDXGen, Dependency Track, Fortify, GitHub Advanced Security, Sonatype or Black Duck platform is a plus
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures
  • Excellent communication skills (written and verbal)
Job Responsibility:
  • Establish/manage multiple security programs that support the security testing requirements at the bank
  • Forge and maintain strong working relationships with development functions/teams, product delivery teams, project management, third party management, enterprise architecture, audit teams, etc.
  • Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the CISO enterprise strategy
  • In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
  • Appropriately assess risk and provide software security advice when business decisions are made
  • Interface with Application Security Program Team to oversee Program Projects and Initiatives and make strategic recommendations to senior manager on standards and policy changes
Employment Type:
Fulltime

Director, Vulnerability Management

The Director of Vulnerability Management takes full accountability for running t...
Location:
United States, Philadelphia
Salary:
Not provided
Comcast
Expiration Date:
Until further notice
Requirements:
  • 6-8 years experience of leading, mentoring, and growing high-performing teams within the vulnerability management domain
  • Proven experience managing vulnerability management programs at enterprise scale
  • Ability to respond quickly to emerging vulnerabilities and implement immediate remediation measures
  • Comfortable operating under high-pressure conditions with competing priorities
  • Strong technical expertise in vulnerability management platforms and scanning technologies
  • Executive presence with the ability to engage and influence senior leadership effectively
  • Expertise in reporting and metrics to drive accountability and transparency
  • Strong problem-solving and analytical skills to assess risk and develop mitigation strategies
  • Ability to lead complex projects and collaborate across multiple business units
  • Bachelor's Degree
Job Responsibility:
  • Leads projects, or delegates and supervises project leaders, for security initiatives involving the hardware and application systems
  • Leads and is accountable for scanning operations, data and metrics, and leading projects in the overall VM landscape
  • Maintain, configure and operate the vulnerability management platforms to optimal levels
  • A strong focus on reporting and metrics to ensure that risk is constantly being addressed and programs are in place to continuously improve the security posture of Comcast from a vulnerability management perspective
  • A strong and confident people leader that aligns to Comcast values and helps to coach, mentor and grow the team
  • Works in close alignment with internal Security Development Lifecycle (SDL) coaches and our security leads to help drive down vulnerabilities across the enterprise
  • Collaborates with other Information Technology departments and key business areas to ensure information security requirements are defined, documented, tested and delivered as part of project deliverables
  • Performs sophisticated analytical tasks to assess risk and determines strategies required to resolve issues, accurate technical security problems, or mitigate risk
  • Assists in the preparation of budgets and forecasts
  • Selects, develops and evaluates personnel to ensure efficient operations within department
What we offer:
  • Paid Time off
  • Physical Wellbeing benefits
  • Financial Wellbeing benefits
  • Emotional Wellbeing benefits
  • Life Events + Family Support benefits
Employment Type:
Fulltime