Job Role: Sr. Vulnerability Operations professional
Work Location: Chicago, IL / Greenwich, CT (4-Days Onsite)
Full Time
About the Role:
We are seeking a Senior Vulnerability Operations professional to lead and execute our vulnerability management program. The ideal candidate has deep expertise across all types of vulnerabilities (infrastructure, application, cloud, container, endpoint), and can drive remediation strategies through scalable, automated, and measurable processes.
This role requires a strategic thinker with hands-on capability, who can lead vulnerability to lifecycle processes — from detection and triage to reporting, tracking, and governance.
Key Responsibilities:
Own and manage the end-to-end vulnerability management lifecycle: discovery, assessment, prioritization, remediation tracking, and closure.
Build and maintain vulnerability dashboards, metrics, and executive reports using tools such as Power BI, Tableau, or native scanner dashboard & products.
Consolidate vulnerability data from multiple sources (e.g., SCA/SAST/DAST, Tenable, Rapid7, container scanners, cloud tools, native & products such as Orca, Wiz) to present a unified risk view.
Perform vulnerability correlation, de-duplication, and tagging (e.g., based on business units, asset owners, criticality).
Collaborate with IT, DevOps, Cloud, Business, and Application teams/owners to drive timely remediation and verify risk mitigation.
Track vulnerability of SLAs, generate remediation tickets, and manage exceptions where applicable.
Define and improve processes for asset inventory reconciliation, especially across on-prem, cloud, containers, and shadow IT.
Implement and improve automated integrations (e.g., CMDB, SIEM, ITSM tools like ServiceNow) for vulnerability data enrichment and remediation workflows.
Stay updated on the vulnerability threat landscape (CVEs, zero-days, exploitability trends, etc.).
Participate in audits, compliance initiatives (e.g., ISO 27001, NIST, PCI-DSS), and provide evidence related to vulnerability management.
Required Skills and Experience:
6–10 years of experience in cybersecurity, with at least 4+ years focused on vulnerability management.
Deep understanding of vulnerability types across:
Operating systems (Windows, Linux, macOS)
Applications (web, APIs, databases)
Cloud environments (AWS, Azure, Google Cloud Platform)
Containers & Kubernetes
Network infrastructure and IoT/OT (preferred)
Experience with vulnerability scanning tools such as:
Qualys, Tenable Nessus, Rapid7 InsightVM/Nexpose
AWS Inspector, Azure Defender, Prisma Cloud, Aqua, Anchore, Wiz, Orca
Snyk, Black Duck, Veracode, SonarQube (for application security)
Strong experience with:
Data correlation & reporting (Excel, Power BI, or other BI tools)
Asset tagging and inventory management (ServiceNow CMDB, Lansweeper, etc.)
ITSM ticketing systems (ServiceNow, Jira, Remedy)
Scripting or automation tools (Python, PowerShell, APIs, Splunk queries) are highly preferred.
Familiarity with CVE, CVSS, CISA KEVs, EPSS, and exploitability frameworks.
Strong understanding of security operations, patching cycles, and incident response workflows.
Knowledge of compliance frameworks like NIST, CIS Controls, ISO 27001, PCI-DSS, and SOC2.
Preferred Qualifications:
Bachelor''s degree in computer science, Cybersecurity, Information Systems, or equivalent experience.
Certifications such as CISSP, CISM, GIAC GCIH, CompTIA Security+, or OSCP are highly desired and definitely add an edge.
Experience with threat intelligence platforms and linking threat data to vulnerability context.
Ability to mentor junior analysts, standardize SOPs, and scale program maturity.
Never miss an opportunity! Create an alert based on the job you applied for.
