Lead Vulnerability Management Specialist

Glocomms is partnered with a leading financial services organization seeking a Lead Vulnerability Management Specialist to strengthen its enterprise security posture. This role will drive the end-to-end vulnerability management program across hybrid infrastructure, including on-prem platforms, cloud environments (AWS, Azure), and poly-cloud deployments.

The specialist will oversee vulnerability identification, validation, and remediation, leveraging industry-leading tools such as Qualys, Tenable Nessus, Wiz, Prisma Cloud, and CrowdStrike Falcon. Responsibilities include managing CVE lifecycle, addressing zero-day events, and implementing risk-based prioritization strategies to ensure timely remediation aligned with SLAs. The role will also enforce security hardening, guardrails, and build-breaking policies to maintain secure configurations across Windows, Linux, and Kubernetes environments.


Key duties involve:

• Leading continuous threat exposure management (CTEM) and attack surface reduction initiatives.
• Driving structured process improvements for consistency in remediation workflows and owner experience.
• Collaborates closely with SOC, cyber defense, red team, and platform engineering groups to consolidate insights and improve enterprise-wide visibility.
• Developing dashboards, custom reports, and remediation progress tracking for stakeholders.
• Managing stakeholder communication and influencing multi-team initiatives to meet audit and compliance requirements.
• Utilizing automation and scripting to streamline vulnerability assessments and remediation processes.

Key Qualifications:

• 7 years of experience in vulnerability management or related cybersecurity roles.
• Strong understanding of CVE lifecycle, risk-based prioritization, and remediation SLAs.
• Hands-on experience with vulnerability management tools (e.g., Qualys, Tenable Nessus, Wiz, Prisma Cloud, CrowdStrike Falcon).
• Expertise in hybrid infrastructure, including on-prem systems and cloud platforms (AWS, Azure).
• Familiarity with Windows, Linux, Kubernetes, and secure configuration management.
• Proven ability to collaborate across SOC, engineering, and security teams.
• Proficiency in automation and scripting for process improvement.
• Knowledge of security frameworks and compliance requirements.
• Excellent communication and stakeholder management skills.
• Bachelor's degree in Computer Science or a related technical discipline or equivalent work experience is required; advanced degree preferred.
  
  
  

This is a hybrid role based in one of the following locations: Dallas-Fort Worth (DFW), Charlotte, or the Philadelphia Metro area. Candidates must be willing to work onsite three times per week at one of these locations and must be fully authorized to work in the United States without sponsorship.