Senior Vulnerability Management Analyst
Glocomms is partnered with a leading wealth management firm to hire a Senior Vulnerability Management Analyst to drive and mature an enterprise-wide security program. This individual will own the vulnerability lifecycle, embed security into development processes, and partner across teams to reduce risk.
Position Overview
The Senior Vulnerability Management & AppSec Lead is responsible for operating and improving a comprehensive vulnerability and application security program, with a focus on risk-based prioritization, SDLC integration, and measurable risk reduction.
Key Responsibilities
- Own the end-to-end vulnerability lifecycle
- Prioritize risk using CVSS, KEV, and threat intelligence
- Analyze vulnerabilities and assess exploitability and business impact
- Drive cross-functional remediation with engineering and infrastructure teams
- Manage external attack surface and reduce exposure
- Embed security into the SDLC, including SAST/DAST and CI/CD controls
- Conduct threat modeling, architecture, and code reviews
- Support penetration testing and validate the severity of findings
- Lead cloud and infrastructure hardening initiatives
- Collaborate with Detection & Response on logging and alerting improvements
- Build metrics, reporting, and automation to improve program maturity
- Mentor team members and support security program improvements
Qualifications
- 3-6 years of experience in vulnerability management, application security, or security engineering
- Ability to work in a hybrid setting (4 days in office)
- Experience managing the full vulnerability lifecycle in an enterprise environment
- Familiarity with CVSS, KEV, and threat intelligence-driven prioritization
- Understanding of AppSec practices and secure SDLC integration
- Exposure to cloud environments and modern infrastructure
- Experience with security tools (scanners, SAST/DAST, asset management)
- Knowledge of threat modeling and secure architecture principles
- Strong collaboration skills across technical teams
- Certifications preferred (CISSP, GIAC, CCSP)
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your CV and details on file so when we see similar roles or see skillsets that drive growth in organisations, we will always reach out to discuss opportunities.
Yes. Even if this role isn't a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways. Firstly, we advertise our available roles on our site; however, due to confidentiality, we often may not post all of them. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your CV so you can be considered for roles that have yet to be created.
Yes, we help with CV and interview preparation. From customised support on how to optimise your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.
