d360 bank

Senior Manager - Vulnerability Management

  • Posted 2 hours ago

Job Description

The role is responsible for proactively identifying, exploiting, and validating security weaknesses across the organization's systems, applications, and networks. This includes leading vulnerability assessments, conducting penetration testing, and ensuring effective technical remediation and patch management oversight to reduce organizational risk and strengthen the security posture.

Responsibilities

Offensive Security & Penetration Testing

  • Plan, execute, and report on penetration testing engagements across web applications, APIs, infrastructure, and cloud environments
  • Simulate real-world attack scenarios to identify exploitable vulnerabilities
  • Perform manual and automated testing techniques to uncover complex security flaws
  • Validate vulnerabilities through exploitation and proof-of-concept development
  • Conduct red-team style assessments where applicable

Vulnerability Assessment & Management

  • Establish and manage continuous vulnerability scanning and assessment processes
  • Perform authenticated and unauthenticated scans across critical assets
  • Analyze scan results to identify true positives, eliminate false positives, and validate risk
  • Prioritize vulnerabilities based on exploitability, threat intelligence, and business impact
  • Expand scan coverage to include previously unassessed or shadow IT assets

Technical Remediation Coordination

  • Work closely with IT, DevOps, and engineering teams to drive remediation efforts
  • Provide clear, actionable, and technically detailed remediation guidance
  • Validate fixes through re-testing and secure configuration reviews
  • Track remediation progress and enforce SLA adherence
  • Support secure coding and hardening practices where needed

Patch Management Oversight

  • Oversee patching cycles for operating systems, applications, and infrastructure components
  • Ensure timely deployment of critical and high-risk security patches
  • Align patching priorities with vulnerability risk ratings and active threat intelligence
  • Monitor patch compliance and highlight gaps or delays
  • Collaborate with asset owners to minimize exposure windows

Threat Intelligence & Risk-Based Prioritization

  • Monitor emerging threats, exploits, and zero-day vulnerabilities
  • Align vulnerability prioritization with current threat landscape and attack trends
  • Integrate threat intelligence into vulnerability management lifecycle
  • Implement risk-based vulnerability management methodologies

Tools, Automation & Optimization

  • Ensure optimal configuration and coverage of security testing tools
  • Evaluate and implement new offensive security tools and automation frameworks
  • Develop scripts or automation to enhance testing and validation efficiency

Reporting & Metrics

  • Develop dashboards and reports for leadership and stakeholders
  • Track KPIs such as vulnerability aging, remediation SLAs, exploitability, and risk exposure
  • Provide actionable insights to support risk reduction and decision-making
  • Perform any other duties assigned by the line manager related to the nature of the work
  • Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.

Qualifications

Preferred Qualifications

  • A tertiary level qualification from an internationally recognized institution
  • Industry-recognized certifications in OSCP (Offensive Security Certified Professional) or CPENT (Certified Penetration Testing Professional)

Years & Nature of Experience

  • Recommended to have 5 to 7 years of equivalent experience where required competencies and experience have been demonstrated in Network Security & VAPT tools
  • A specialist individual contributor or a team lead who has managed and delivered projects
  • Has team or technical supervision skills
  • Demonstrated expertise and experience with complex technical activities
  • Has worked with more senior staff and dealt with complex issues, larger clients, accounts, projects, or internal relationships.
  • Deep understanding of various operating systems such as Windows, Linux etc.
  • Good analytical skills, problem solving and interpersonal skills

Technical Competencies

  • Vulnerability reporting
  • Mobile Application testing
  • Cloud Security

Behavioural Competencies

  • Value-Led Accountability
  • Empowered People
  • Collaborative Agility
  • Trust & Transparency
  • Communication

Job ID: 145837891