Unified Vulnerability Management (UVM) Specialist

Duties and Responsibilities

• Aggregate and normalize vulnerability data from diverse sources into a unified vulnerability platform (UVM).

• Experience with integrating self-hosted and SaaS-based applications via APIs. Expertise utilizing native API integrations and developing custom integrations (via code or scripts).

• Collaborate with product owners (Vulnerability Management, DevSecOps, Cloud Security, etc.) to ensure the collection, quality, normalization, and enrichment of vulnerability data.

• Apply standardized vulnerability severity scoring and customize it to reflect business context and risk appetite.

• Develop and maintain centralized dashboards to visualize risk posture across applications and environments. To include custom dashboards for different stakeholder types (executives, business owners, and resource owners).

• Collaborate with Technical Security Advisors and BISOs to maintain and improve risk reporting (visualizations, dashboards, reports, notifications, etc.).

• Improve exception workflows through UVM integrations with workload mgmt./ticketing systems.

• Build and maintain RBAC to the UVM platform (dashboards, reports, etc.).

• Define and enforce remediation SLAs and shift-left prevention policies.

• Support operational workflows for risk acceptance, false positives, and severity overrides.

• Participate in recurring vulnerability oversight meetings and provide actionable insights.

• Contribute to the development of vulnerability lifecycle processes and automation strategies.

• Maintain comprehensive documentation of technology, projects, processes, etc.

• Stay up to date on security practices and standards; participate in educational opportunities; read professional publications.

• Participate in special projects and other duties as assigned.

Qualifications

• Undergraduate degree in IT or cybersecurity is preferred.

• 3-5 years of experience in vulnerability management.

• Hands-on experience with unified vulnerability management (UVM) solutions (e.g., ArmorCode, Wiz).

• Strong understanding of OWASP Top 10, CVE, CVSS, NVD, and other vulnerability standards.

• Experience with programming and scripting languages (e.g., Python, PowerShell) is preferred.

• Familiarity with data engineering solutions (e.g., Athena, Tableau), workload management solutions (e.g., Jira, ServiceNow), version control and pipeline solutions (e.g., Bamboo, GitHub), and IaC solutions (e.g., Terraform, Ansible).

• Knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.).

• Professional certifications such as CISSP, CCSP, or Security+ a plus.

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.