Senior Vulnerability Management Analyst

Glocomms is partnered with a leading wealth management firm to hire a Senior Vulnerability Management to drive and mature an enterprise-wide security program. This individual will own the vulnerability lifecycle, embed security into development processes, and partner across teams to reduce risk.

The Senior Vulnerability Management & AppSec Lead is responsible for operating and improving a comprehensive vulnerability and application security program, with a focus on risk-based prioritization, SDLC integration, and measurable risk reduction.

• Own the end-to-end vulnerability lifecycle
• Prioritize risk using CVSS, KEV, and threat intelligence
• Analyze vulnerabilities and assess exploitability and business impact
• Drive cross-functional remediation with engineering and infrastructure teams
• Manage external attack surface and reduce exposure
• Embed security into the SDLC, including SAST/DAST and CI/CD controls
• Conduct threat modeling, architecture, and code reviews
• Support penetration testing and validate findings severity
• Lead cloud and infrastructure hardening initiatives
• Collaborate with Detection & Response on logging and alerting improvements
• Build metrics, reporting, and automation to improve program maturity
• Mentor team members and support security program improvements
  
  

• 3-6 years of experience in vulnerability management, application security, or security engineering
• Ability to work in a hybrid setting (4 days in office)
• Experience managing the full vulnerability lifecycle in an enterprise environment
• Familiarity with CVSS, KEV, and threat intelligence-driven prioritization
• Understanding of AppSec practices and secure SDLC integration
• Exposure to cloud environments and modern infrastructure
• Experience with security tools (scanners, SAST/DAST, asset management)
• Knowledge of threat modeling and secure architecture principles
• Strong collaboration skills across technical teams
• Certifications preferred (CISSP, GIAC, CCSP)