Senior Manager - Vulnerability Management

About the Job:
The role is responsible for proactively identifying, exploiting, and validating security weaknesses across the organization’s systems, applications, and networks. This includes leading vulnerability assessments, conducting penetration testing, and ensuring effective technical remediation and patch management oversight to reduce organizational risk and strengthen the security posture.

Key Responsibilities:

• Offensive Security & Penetration Testing:

  • Plan, execute, and report on penetration testing engagements across web applications, APIs, infrastructure, and cloud environments.
  • Simulate real-world attack scenarios to identify exploitable vulnerabilities.
  • Perform manual and automated testing techniques to uncover complex security flaws.
  • Validate vulnerabilities through exploitation and proof-of-concept development.
  • Conduct red-team style assessments where applicable.

• Vulnerability Assessment & Management:

  • Establish and manage continuous vulnerability scanning and assessment processes.
  • Perform authenticated and unauthenticated scans across critical assets.
  • Analyze scan results to identify true positives, eliminate false positives, and validate risk.
  • Prioritize vulnerabilities based on exploitability, threat intelligence, and business impact.
  • Expand scan coverage to include previously unassessed or shadow IT assets.

• Technical Remediation Coordination:

  • Work closely with IT, DevOps, and engineering teams to drive remediation efforts.
  • Provide clear, actionable, and technically detailed remediation guidance.
  • Validate fixes through re-testing and secure configuration reviews.
  • Track remediation progress and enforce SLA adherence.
  • Support secure coding and hardening practices where needed.

• Patch Management Oversight:

  • Oversee patching cycles for operating systems, applications, and infrastructure components.
  • Ensure timely deployment of critical and high-risk security patches.
  • Align patching priorities with vulnerability risk ratings and active threat intelligence.
  • Monitor patch compliance and highlight gaps or delays.
  • Collaborate with asset owners to minimize exposure windows.

• Threat Intelligence & Risk-Based Prioritization:

  • Monitor emerging threats, exploits, and zero-day vulnerabilities.
  • Align vulnerability prioritization with the current threat landscape and attack trends.
  • Integrate threat intelligence into the vulnerability management lifecycle.
  • Implement risk-based vulnerability management methodologies.

• Tools, Automation & Optimization:

  • Ensure optimal configuration and coverage of security testing tools.
  • Evaluate and implement new offensive security tools and automation frameworks.
  • Develop scripts or automation to enhance testing and validation efficiency.

• Reporting & Metrics:

  • Develop dashboards and reports for leadership and stakeholders.
  • Track KPIs such as vulnerability aging, remediation SLAs, exploitability, and risk exposure.
  • Provide actionable insights to support risk reduction and decision-making.

Qualifications:

• A tertiary level qualification from an internationally recognized institution.
• Industry-recognized certifications in OSCP (Offensive Security Certified Professional) or CPENT (Certified Penetration Testing Professional) preferred.
• 5 to 7 years of equivalent experience in Network Security & VAPT tools.
• Demonstrated expertise with complex technical activities and the ability to manage and deliver projects.
• Deep understanding of various operating systems such as Windows and Linux.
• Good analytical, problem-solving, and interpersonal skills.

Language Requirements:

• Not explicitly stated, but strong communication skills are implied.

This position is a critical role in maintaining the security integrity of the organization's digital assets and infrastructure.