CrawlJobs Logo
Sopra Steria Logo Sopra Steria · IT - Software Development

Vulnerability Management Technical Lead

India, Bengaluru Employment contract · Job Posted September 03, 2025
Apply Position
Job Link Share

Job Description

The role includes managing and optimizing vulnerability management workflows using Rapid7 InsightVM, collaborating with IT teams for asset tracking and discovery, integrating external systems, troubleshooting technical issues, and delivering reports and presentations on security insights. The position also involves aligning practices with well-known cybersecurity standards and frameworks and providing training on information security best practices.

Job Responsibility

  • ensure that Rapid7 is fully and effectively implemented
  • assist with design, implementation, and optimization of automated tagging workflows
  • build and refine InsightVM dashboards and reports for insights
  • integrate Rapid7 with external systems for accurate asset context and automated remediation ticket creation
  • collaborate with IT teams to reduce false positives and orphaned assets
  • implement and support scan scheduling and tuning
  • assist in risk acceptance workflows
  • troubleshoot scan and synchronization issues
  • drive process improvements in vulnerability management workflow
  • deliver security reports and presentations
  • provide training on information security best practices
  • define and support structured processes for tracking and remediating vulnerabilities
  • optimize monthly reporting capabilities

Requirements

  • 4 to 8 years of experience
  • engineering graduate - preferably B.E./B.Tech in IT or Computer Engineering
  • strong analytical skills
  • experience with security information and event management (SIEM) tools
  • ~5 years of experience in information security, specifically in end-to-end vulnerability management with 2-3 years hands-on Rapid7 experience
  • advanced degrees or certifications preferred
  • knowledge of current cybersecurity trends, threats, and techniques
  • understanding of regulatory requirements
  • ability to work independently and collaboratively
  • good interpersonal and communication skills
  • relevant technical certifications are an added advantage

Nice to have

  • French, German, Danish language knowledge
  • ability to align vulnerability management practices with standards like ISO/IEC 27001, NIST Cybersecurity Framework, CIS Critical Security Controls (version 8), and NIS2

What we offer

  • inclusive and respectful work environment
  • positions open to people with disabilities
Sopra Steria - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Vulnerability Management Technical Lead

8 matching positions

Vulnerability Management Technical Project Lead

The Tech Lead/ServiceLine Lead will be responsible for the operational, organisa...
Location
Location
India , Noida
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Total Experience Expected: 08-10 years
  • Bachelor's degree or Master's in Computer Science, Engineering, or related field
  • Proven leadership experience
  • Strong people management and client‑facing governance skills
  • Executive communication (FR/EN written & verbal reporting
  • Crisis management & escalation handling for P0/P1 situations
  • Data‑driven decision making using KPIs, dashboards, and trends
  • Continuous improvement & automation mindset
  • Proficiency in ServiceNow SECOPS (certification preferred), vulnerability detection and monitoring tools (Microsoft Defender for Endpoint EDR/XDR, WIZ, NESSUS PRO, Dynatrace), CMDB, VISIT, reporting tools (PowerBI, PowerPoint), and adherence to security standards and Client SLAs is required
Job Responsibility
Job Responsibility
  • Monitoring of critical P0 / P1 vulnerabilities
  • Steering CTI incidentology
  • Execution and governance of COD controls
  • Organisation of committees and reporting
  • Operational management and team skill development
  • Contribution to process, tool, and KPI optimisation
  • Promptly responding to P0/P1 vulnerabilities, including identification, assessment, patching, documentation, and development of remediation plans when patching is not possible
  • Coordinate and oversee P0 vulnerability follow-up meetings, communicate updates and remediation progress, escalate unresolved issues, and ensure compliance with established deadlines
  • To attend, present & track regular meetings and committee sessions with vulnerability status, track remediation efforts, report key performance indicators, and coordinate with divisions on security tools and control enhancements
  • Oversees the execution, analysis, and remediation of six COD controls, ensuring effective risk reduction and planning for additional controls to further mitigate cyber threats
  • Fulltime
Read More
Arrow Right

Vulnerability Management Lead, Information System Security Officer

Vulnerability Management Lead, Information System Security Officer (ISSO) will s...
Location
Location
United States , Lexington Park
Salary
Salary:
100000.00 - 145000.00 USD / Year
kairosinc.net Logo
KAIROS Inc
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong customer relations, analytics, documentation skills
  • Self-starter, highly motivated, strong work ethic with a commitment to quality
  • Microsoft office suite proficiency, i.e., Word, Excel, PowerPoint
  • Ability to work within a challenging, fast-paced, team-oriented environment
  • Ability to work independently
  • Ability to multi-task and meet competing, deliverable deadlines
  • Detail oriented
  • Excellent interpersonal and customer service skills
  • Excellent verbal and written communication skills to provide clear status and/or communicate issues
  • Ability to adapt to evolving technology
Job Responsibility
Job Responsibility
  • Assess and validate PMA-268 RMF packages (Authorizations to Operate (ATOs) and Interim Authorizations to Test (IATTs)
  • Coordinate development of the Security Assessment Plan (SAP) with Integrated Product Team (IPT) SSE and system ISSO
  • Submit SAP for approval
  • Execute the SAP
  • Provide a summary of failed controls in Enterprise Mission Assurance Support Service (eMASS) (Risk Assessment)
  • Complete the Security Assessment Report (SAR)
  • Provide POA&M update recommendations to the PMA/IPT based on assessment results
  • Ensure traceability of all vulnerabilities from raw assessment results to the POA&M
  • Support Continuous Monitoring (ConMon) activities (e.g. annual security reviews, system/changes/ Memorandums for the Record (MFRs))
  • Create consolidated list of mitigation statements for POA&Ms (unclassified) to assist ISSOs with established mitigation statements for common non-compliant security controls
What we offer
What we offer
  • Medical Coverage
  • Employer Paid Dental, Vision, Basic Life/AD&D, Short-Term/Long-Term Insurance
  • Health Savings Account with Contribution by Employer
  • 401K Plan with Employer Matching
  • Annual Discretionary Bonuses
  • Paid Time Off
  • Eleven (11) Paid Holidays
  • Certification reimbursement program
  • Tuition Reimbursement Program
  • Paid Parental Leave
  • Fulltime
Read More
Arrow Right

Vulnerability Management Tech Lead

As a Vulnerability Management Tech Lead, you will provide senior technical leade...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A senior engineer with proven technical leadership in production security systems or closely related infrastructure services
  • An experienced systems thinker: you design resilient, observable and scalable architectures and can evaluate tradeoffs between reliability, cost and speed of delivery
  • Hands-on and fluent in implementing secure integration patterns, APIs, service-account architectures, CI/CD automation and production-grade orchestration
  • you write and review production code and automation confidently
  • Deeply versed in vulnerability management, detection engineering and incident response at scale: you understand scanning workflows, threat modelling, validation and remediation pipelines
  • Strong in cloud security and operations across public cloud environments and familiar with identity & access constructs, org-level guardrails and secure account architectures
  • Skilled at translating complex telemetry into detection logic and measurable detection KPIs
  • Experienced in partnership and influence: you can drive technical change across multiple teams, present complex technical tradeoffs clearly, and gain alignment without direct authority
  • A mentor who raises the bar for delivery quality through design reviews, documentation and reusable engineering patterns
  • Metrics-driven and comfortable owning technical success criteria, dashboards and SLAs for operational systems
Job Responsibility
Job Responsibility
  • Define and evolve the technical vision and architecture for the VMS, translating product and security strategy into a coherent, scalable engineering roadmap
  • Design and deliver complex integration and automation patterns across the vulnerability ecosystem, including secure API designs, reusable service-account and credential patterns, resilient CI/CD pipelines, canonical data schemas and platform observability
  • Operate and improve the VMS end-to-end: maintain asset inventories, author and maintain automations for ingestion and remediation, coordinate validations and retests, tune detection and triage flows, and produce operational runbooks and SLAs that ensure reliability
  • Lead high-impact technical initiatives and remove technical roadblocks for the team
  • Plan, execute and evaluate internal penetration tests and red-team exercises — defining scope and success criteria, performing senior-level assessments to validate controls and detection/response, driving root-cause analysis into durable remediations with clear verification criteria, and mentoring engineers to improve testing and response
  • Act as the technical authority on complex vulnerability investigations, threat modelling, countermeasure validation and red-team exercises, providing senior-level analysis and remediation guidance
  • Mentor and coach engineers — raising technical standards through design reviews, code review feedback, shared libraries and platform patterns — while contributing significant hands-on code and automation
  • Own the technical approach to telemetry and detection engineering: define data contracts, ensure event quality, guide detection rule design and measure detection efficacy
  • Perform vendor and platform evaluations from a technical perspective: define evaluation criteria, run proof-of-concepts, validate operational fit and advise procurement with technical recommendations
  • Define the VMS measurement model and lead technical efforts that deliver high-quality dashboards and signals (coverage, time-at-risk, remediation MTTR, noise, detection quality) used by security leadership
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • Fulltime
Read More
Arrow Right

Vulnerability Management Tech Lead

As a Vulnerability Management Tech Lead, you will provide senior technical leade...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A senior engineer with proven technical leadership in production security systems or closely related infrastructure services
  • An experienced systems thinker: you design resilient, observable and scalable architectures and can evaluate tradeoffs between reliability, cost and speed of delivery
  • Hands-on and fluent in implementing secure integration patterns, APIs, service-account architectures, CI/CD automation and production-grade orchestration
  • you write and review production code and automation confidently
  • Deeply versed in vulnerability management, detection engineering and incident response at scale: you understand scanning workflows, threat modelling, validation and remediation pipelines
  • Strong in cloud security and operations across public cloud environments and familiar with identity & access constructs, org-level guardrails and secure account architectures
  • Skilled at translating complex telemetry into detection logic and measurable detection KPIs
  • Experienced in partnership and influence: you can drive technical change across multiple teams, present complex technical tradeoffs clearly, and gain alignment without direct authority
  • A mentor who raises the bar for delivery quality through design reviews, documentation and reusable engineering patterns
  • Metrics-driven and comfortable owning technical success criteria, dashboards and SLAs for operational systems
Job Responsibility
Job Responsibility
  • Define and evolve the technical vision and architecture for the VMS, translating product and security strategy into a coherent, scalable engineering roadmap
  • Design and deliver complex integration and automation patterns across the vulnerability ecosystem, including secure API designs, reusable service-account and credential patterns, resilient CI/CD pipelines, canonical data schemas and platform observability
  • Operate and improve the VMS end-to-end: maintain asset inventories, author and maintain automations for ingestion and remediation, coordinate validations and retests, tune detection and triage flows, and produce operational runbooks and SLAs that ensure reliability
  • Lead high-impact technical initiatives and remove technical roadblocks for the team
  • Plan, execute and evaluate internal penetration tests and red-team exercises — defining scope and success criteria, performing senior-level assessments to validate controls and detection/response, driving root-cause analysis into durable remediations with clear verification criteria, and mentoring engineers to improve testing and response
  • Act as the technical authority on complex vulnerability investigations, threat modelling, countermeasure validation and red-team exercises, providing senior-level analysis and remediation guidance
  • Mentor and coach engineers — raising technical standards through design reviews, code review feedback, shared libraries and platform patterns — while contributing significant hands-on code and automation
  • Own the technical approach to telemetry and detection engineering: define data contracts, ensure event quality, guide detection rule design and measure detection efficacy
  • Perform vendor and platform evaluations from a technical perspective: define evaluation criteria, run proof-of-concepts, validate operational fit and advise procurement with technical recommendations
  • Define the VMS measurement model and lead technical efforts that deliver high-quality dashboards and signals (coverage, time-at-risk, remediation MTTR, noise, detection quality) used by security leadership
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • A range of locally relevant benefits
  • Fulltime
Read More
Arrow Right

Vulnerability Management Tech Lead

As a Vulnerability Management Tech Lead, you will provide senior technical leade...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A senior engineer with proven technical leadership in production security systems or closely related infrastructure services
  • An experienced systems thinker: you design resilient, observable and scalable architectures and can evaluate tradeoffs between reliability, cost and speed of delivery
  • Hands-on and fluent in implementing secure integration patterns, APIs, service-account architectures, CI/CD automation and production-grade orchestration
  • you write and review production code and automation confidently
  • Deeply versed in vulnerability management, detection engineering and incident response at scale: you understand scanning workflows, threat modelling, validation and remediation pipelines
  • Strong in cloud security and operations across public cloud environments and familiar with identity & access constructs, org-level guardrails and secure account architectures
  • Skilled at translating complex telemetry into detection logic and measurable detection KPIs
  • Experienced in partnership and influence: you can drive technical change across multiple teams, present complex technical tradeoffs clearly, and gain alignment without direct authority
  • A mentor who raises the bar for delivery quality through design reviews, documentation and reusable engineering patterns
  • Metrics-driven and comfortable owning technical success criteria, dashboards and SLAs for operational systems
Job Responsibility
Job Responsibility
  • Define and evolve the technical vision and architecture for the VMS, translating product and security strategy into a coherent, scalable engineering roadmap
  • Design and deliver complex integration and automation patterns across the vulnerability ecosystem, including secure API designs, reusable service-account and credential patterns, resilient CI/CD pipelines, canonical data schemas and platform observability
  • Operate and improve the VMS end-to-end: maintain asset inventories, author and maintain automations for ingestion and remediation, coordinate validations and retests, tune detection and triage flows, and produce operational runbooks and SLAs that ensure reliability
  • Lead high-impact technical initiatives and remove technical roadblocks for the team
  • Plan, execute and evaluate internal penetration tests and red-team exercises — defining scope and success criteria, performing senior-level assessments to validate controls and detection/response, driving root-cause analysis into durable remediations with clear verification criteria, and mentoring engineers to improve testing and response
  • Act as the technical authority on complex vulnerability investigations, threat modelling, countermeasure validation and red-team exercises, providing senior-level analysis and remediation guidance
  • Mentor and coach engineers — raising technical standards through design reviews, code review feedback, shared libraries and platform patterns — while contributing significant hands-on code and automation
  • Own the technical approach to telemetry and detection engineering: define data contracts, ensure event quality, guide detection rule design and measure detection efficacy
  • Perform vendor and platform evaluations from a technical perspective: define evaluation criteria, run proof-of-concepts, validate operational fit and advise procurement with technical recommendations
  • Define the VMS measurement model and lead technical efforts that deliver high-quality dashboards and signals (coverage, time-at-risk, remediation MTTR, noise, detection quality) used by security leadership
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • A range of locally relevant benefits
  • Fulltime
Read More
Arrow Right

Applications Development Technical Lead Analyst

Working at Citi is far more than just a job. A career with us means joining a te...
Location
Location
United States , Tampa
Salary
Salary:
155200.00 - 171360.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
July 14, 2026
Flip Icon
Requirements
Requirements
  • Requires at least a Bachelor’s degree or foreign equivalent in Applied Computer Science, Computer Applications or related field and 6 years of progressive experience as a Software Engineer, Software Developer, Full Stack Java Developer, or related position involving back-end functionalities and front-end components development. 6 years of experience must include: Java, J2EE, JPA
  • Spring, Hibernate
  • Design patterns Microservices, REST API
  • Oracle PL/SQL, Stored procedures, triggers
  • JavaScript, HTML, CSS, Angular, React
  • Maven, Jenkins, Docker, Kubernetes, Linux, Shell. At least 4 years of experience must include: Junit testing frameworks
  • Agile/Scrum methodology and content management using JIRA, Confluence
  • JSON, XML, YAML
  • Python
  • and Code review & hygiene using, Blackduck, SAST Check Marx.
Job Responsibility
Job Responsibility
  • Design and develop software solutions for Data Governance Integration Framework projects
  • Analyze business requirements and convert functional, security and compliance requirements into specifications
  • Use Agile/Scrum methodology, Core Java, Java, J2EE, J2SE, JDBC, JNDI, JMS, JPA, Spring, Spring boot, Hibernate
  • Design patterns Microservices, JSON, XML, YAML
  • Build, enhance and maintain microservices and tooling to manage source code version and release in repositories using core Java language
  • Perform backend development using Java and frontend interfaces development using Angular
  • Build and maintain SQL scripts and triggers, and REST API functions
  • Use Oracle PL/SQL, Stored procedures, triggers and NoSQL MongoDB, JavaScript, HTML, CSS, Angular, React, and Webpack, NodeJS
  • Write unit test cases in Junit and Cucumber, test scripts and automation test programs, and develop web automation using Selenium
  • Use messaging frameworks Kafka, JMS, RabbitMQ messaging
What we offer
What we offer
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime
Read More
Arrow Right

Middleware Systems Technical Lead

Roles and Responsibilities Administer and support WebLogic domains, clusters, a...
Location
Location
India , Noida
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Administer and support WebLogic domains, clusters, and middleware environments in production
  • Design and implement High Availability (HA), Disaster Recovery (DR), and scalable architectures
  • Perform performance tuning and resolve complex issues (JVM, GC, memory leaks)
  • Install, upgrade, patch, and migrate Oracle FMW components (SOA, OSB, ODI, IDM stack)
  • Execute vulnerability remediation including PSU/CPU patching and CVE mitigation
  • Implement and enforce middleware security (SSL/TLS, hardening, access control, authentication)
  • Manage WebLogic security realms, authentication providers, and certificate lifecycle
  • Develop automation scripts (Python/Shell) to enhance operational efficiency
  • Provide L3 support for SOA, ODI, and OSB including architecture optimization and deep debugging
  • Establish monitoring, alerting, and incident response mechanisms for middleware services
Job Responsibility
Job Responsibility
  • Administer and support WebLogic domains, clusters, and middleware environments in production
  • Design and implement High Availability (HA), Disaster Recovery (DR), and scalable architectures
  • Perform performance tuning and resolve complex issues (JVM, GC, memory leaks)
  • Install, upgrade, patch, and migrate Oracle FMW components (SOA, OSB, ODI, IDM stack)
  • Execute vulnerability remediation including PSU/CPU patching and CVE mitigation
  • Implement and enforce middleware security (SSL/TLS, hardening, access control, authentication)
  • Manage WebLogic security realms, authentication providers, and certificate lifecycle
  • Develop automation scripts (Python/Shell) to enhance operational efficiency
  • Provide L3 support for SOA, ODI, and OSB including architecture optimization and deep debugging
  • Establish monitoring, alerting, and incident response mechanisms for middleware services
Read More
Arrow Right

Vulnerability Management Analyst

The Vulnerability Management Analyst is responsible for supporting and advancing...
Location
Location
United States
Salary
Salary:
85000.00 - 100000.00 USD / Year
radancy.com Logo
Radancy
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years of experience in vulnerability management, GRC, security operations, or a related cybersecurity function.
  • Experience supporting vulnerability management in cloud and modern application environments.
  • Experience working with vulnerability and security tooling.
  • Strong understanding of vulnerability remediation, risk prioritization, compensating controls, exception handling, and escalation practices.
  • Ability to translate technical findings into business risk and remediation priorities for both technical and non-technical stakeholders.
  • Demonstrated experience coordinating across engineering, product, and management teams.
  • Strong analytical, organizational, and facilitation skills.
  • Excellent written and verbal communication skills.
Job Responsibility
Job Responsibility
  • Lead recurring vulnerability management roundtables with product engineering and IT departments.
  • Prepare and present prioritized vulnerability reviews for monthly meetings, driving clear remediation priorities for the next review cycle, focus teams on the highest risk vulnerabilities first.
  • Apply risk-based prioritization. Evaluate exploitability, exposure, and business impact to determine severity.
  • Promote remediation efforts that reduce risk across multiple teams or systems.
  • Track critical and high-risk findings against remediation timelines. Surface items nearing or exceeding SLA commitments.
  • Ensure each issue has a current remediation or mitigation plan and manage the timeline of remediation efforts.
  • Challenge unsupported “can’t fix” or “won’t fix” responses. Push for practical remediation paths when blockers exist.
  • Recommend compensating controls where full remediation is delayed.
  • Support formal exception and risk acceptance decisions.
  • Escalate stalled remediation and SLA risk to leadership.
What we offer
What we offer
  • Comprehensive medical coverage, with dental, vision and life insurance
  • Competitive 401(k) plan with employer matching
  • Unlimited flexible time off (FTO)
  • World-class training that keeps you at the forefront of innovation
  • Fulltime
Read More
Arrow Right