Job Description

• Job Summary: Experienced Vulnerability Management and penetration testing Governance lead will manage a team to oversee the identification, assessment, and remediation of security vulnerabilities across enterprise systems. This role will focus on establishing a proactive security posture, ensuring compliance with industry standards, and driving governance initiatives to mitigate risks effectively along with strong leadership and project management skills.

•   Vulnerability Assessment: Lead regular vulnerability scans and penetration testing across infrastructure, cloud environments and outside-In.
•   Security Baseline: Lead development and implementation of Security Baseline using CIS Benchmarks by determining the systems, applications, and network devices to be secured (e.g., Windows, Linux, Cloud, Docker, Kubernetes).
•   Risk Analysis & Prioritization: Evaluate identified vulnerabilities based on severity, exploitability, and potential business impact.
•   Remediation Planning: Collaborate with IT, security, engineering and entity teams to ensure timely remediation of high-risk vulnerabilities.
•   Governance & Compliance: Develop and enforce security governance frameworks in line with industry standards (e.g., NIST, CIS, ISO 27001, PCI-DSS).
•   Threat Intelligence Integration: Leverage global threat intelligence feeds to stay ahead of emerging security threats and vulnerabilities.

͏

• Security Policy Development: Define policies and best practices for vulnerability management, reporting, and remediation.
•   Automation & Continuous Monitoring: Implement automated vulnerability scanning tools and ensure ongoing security assessments.
•   Incident Response Support: Provide technical guidance in vulnerability-related security incidents and audits.
•   Reporting & Metrics: Establish key risk indicators and provide executive reports on vulnerability trends and remediation progress.

͏

•   Experience: 12+ years in cybersecurity, vulnerability management, or Penetration testing roles.
•   Technical Expertise: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus, OpenVAS), penetration testing and threat intelligence platforms.
• Penetration Testing & Ethical Hacking: Experience with tools like Metasploit, Burp Suite, Nmap, and Wireshark for real-world security assessments.
• Security Framework Knowledge: Strong understanding of NIST, CIS benchmarks, OWASP Top 10, and CVSS scoring models.
•  Compliance Awareness: Familiarity with regulatory standards affecting security risk management.
•  Leadership & Communication: Ability to coordinate with multiple stakeholders, drive security improvements, and articulate risks effectively.
• Certifications such as CISSP, CISM, CEH, OSCP or equivalent.
• Experience in cloud vulnerability management (AWS, Azure, GCP).

Knowledge of DevSecOps practices and security automation.

͏

͏