Lead Vulnerability Expert (F/M)
Job:
Digital and IT / Cybersecurity
<ol> <li><span><strong><span><span>POSITION & RES</span><span>P</span><span>ONSABILITIES</span></span></strong><span> </span></span></li> </ol> <p><span><strong><span><span>Position:</span></span></strong><span><span> Lead Vulnerability Expert (Player-Coach)</span></span><span><span> </span></span><br></span></p> <p><span><strong><span><span>Responsibilities:</span></span></strong><span> </span></span></p> <ul> <li><span><span><span>Act as the technical lead for vulnerability detection, validation, and remediation.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Perform advanced analysis: exploit reproduction, impact assessment, and attack-path mapping.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Optimize</span><span> vulnerability scanning tools for accuracy and coverage.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Master Active </span><span>Defense</span><span> tools to enhance efficiency and develop automation capabilities.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Mentor and coach team members: review outputs, share best practices, and elevate technical skills.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Collaborate with infrastructure, </span><span>Identity</span><span> </span><span>and </span><span>local</span><span> teams to </span><span>optimize</span><span> </span><span>remediation efforts.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Stay ahead of zero-days, KEV advisories, and exploit trends; lead technical response during critical events.</span></span><span> </span></span></li> </ul> <ul> <li><span><strong><span><span>Ensure communication with business units, track incidents, and follow up.</span></span></strong><span> </span></span></li> </ul> <ul> <li><span><span><span>Support </span></span><strong><span><span>Offensive Security initiatives</span></span></strong><span><span> with vulnerability context and exploit validation.</span></span><span> </span></span></li> </ul> <p><span> </span></p> <p><span><strong><span><span>MISSION</span></span></strong><span> </span></span></p> <p><span><strong><span><span>Technical Excellence</span></span></strong></span></p> <ul> <li><span><span><span>Act as the </span></span><strong><span><span>technical authority</span></span></strong><span><span> for vulnerability management within the Active </span><span>Defense</span><span> team.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Ensure </span></span><strong><span><span>continuous exposure reduction</span></span></strong><span><span> by applying the </span></span><strong><span><span>CTEM (Continuous Threat Exposure Management)</span></span></strong><span><span> framework to prioritize and address vulnerabilities based on real-world risk.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Drive </span></span><strong><span><span>advanced vulnerability analysis</span></span></strong><span><span>, including exploit reproduction</span><span> in collaboration with the offensive security team</span><span>, attack-path mapping, and impact assessment, to </span><span>provide</span><span> actionable insights for remediation.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Develop </span></span><strong><span><span>automation and tooling enhancements</span></span></strong><span><span> to improve efficiency and accuracy in vulnerability detection and validation.</span></span> </span></li> </ul> <p><strong><span><span>Leadership & Enablement</span></span></strong></p> <ul> <li><span><span><span>Serve as a </span></span><strong><span><span>mentor and coach</span></span></strong><span><span> for a team of analysts and engineers, fostering technical growth and best practices.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Act as a </span></span><strong><span><span>bridge between technical teams and business units</span></span></strong><span><span>, ensuring clear communication of risks and remediation priorities.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Lead </span></span><strong><span><span>cross-functional collaboration</span></span></strong><span><span> to remove blockers and accelerate remediation efforts.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Support </span></span><strong><span><span>Offensive Security initiatives</span></span></strong><span><span> by </span><span>validating</span><span> exploitability and providing vulnerability context for attack simulations.</span></span> </span></li> </ul> <p> </p> <p><strong><span><span>Strategic Contribution</span></span></strong></p> <ul> <li><span><span><span>Drive and animate community programs (</span></span><em><span><span>e.g., </span></span></em><span><span>Weekly Operational Cybersecurity Calls, seminars, and other initiatives).</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Maintain </span></span><strong><span><span>situational awareness</span></span></strong><span><span> of emerging threats, zero-days, and KEV advisories, ensuring rapid technical response during critical events.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Contribute to the </span></span><strong><span><span>Active </span><span>Defense</span><span> vision</span></span></strong><span><span> by aligning vulnerability management activities with corporate security </span><span>objectives</span><span>.</span></span><span> </span></span></li> </ul> <p><span> </span></p> <ol> <li><span><strong><span><span>RELATIONSHIPS</span></span></strong><span> </span></span></li> </ol> <ul> <li><span><strong><span><span>Reports to:</span></span></strong><span><span> Head of Active </span><span>Defense</span><span> </span></span><span> </span></span></li> </ul> <ul> <li><span><strong><span><span>Works closely with:</span></span></strong><span><span> </span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Active </span><span>Defense</span><span> team members (Vulnerability Management, Offensive Security</span><span>, SecOps Engineering</span><span>)</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>CSIRT</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Infrastructure, Cloud, and Application teams</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Vulnerability Champions who are part of the </span><span>local cyber teams</span></span><span> </span></span></li> </ul> <p><span> </span></p> <ol> <li><span><strong><span><span>EXPERIENCE</span><span> </span></span></strong><span> </span></span></li> </ol> <p><span><span><span>The Lead Vulnerability Expert excels at simplifying and </span><span>optimizing</span><span> vulnerability management workflows, </span><span>demonstrates</span><span> strong understanding of IT architecture, and can propose effective vulnerability workarounds.</span></span><span> </span></span></p> <p><span><span><span>A thorough knowledge </span><span>of Tenable</span><span> and WIZ</span><span> tools is highly appreciated.</span></span><span> </span></span></p> <p><span> </span></p> <p><span><span><span>The Lead Vulnerability Expert</span></span><span><span> is familiar with intrusion methods on computer systems and networks</span><span> and </span><span>can</span><span> </span><span>determine</span><span> </span><span>the potential </span><span>impact</span><span> of a vulnerabilit</span><span>y according to multiple </span><span>factors:</span><span> </span></span><span> </span></span></p> <ul> <li><span><span><span>CVSS score</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>EPSS score</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Popularity of the impacted hardware or software</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Ease of exploitability</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Existing Po</span><span>C</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Etc</span><span>…</span></span><span> </span></span></li> </ul> <p><span> </span></p> <ol> <li><span><strong><span><span>REQUIRED SKILLS</span></span></strong><span> </span></span></li> </ol> <ul> <li><span><span><span>Have a thorough knowledge of the methods and functions of security equipment.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>5 </span><span>years’ experience</span><span> with </span><span>v</span><span>ulnerability </span><span>management</span><span> or related security functions.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Participate in the improvement and development of process and procedure documentation.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Ability to work independently to perform analysis and investigations.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Possess an information security and operations mindset.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Keep a personal watch and share it with the security teams.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Ability to multi-task and prioritize.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Full </span><span>proficiency</span><span> </span><span>in verbal and written</span><span> English.</span></span><span> </span></span></li> </ul> <ul> <li><span><span><span>Adaptability and resilience in a fast-paced, evolving threat landscape.</span></span></span></li> </ul>