Senior Vulnerability Management Specialist

Location: Hybrid (3 days onsite/week) - Malvern, PA; Charlotte, NC; or Dallas, TX

Glocomms is partnered with a leading wealth management firm looking to grow their enterprise security team with a highly technical Vulnerability Management Specialist. This individual will play a central role in the firm's Continuous Threat Exposure Management (CTEM) efforts-responsible for identifying, analyzing, and driving remediation of vulnerabilities across both cloud and on-premises environments.

The ideal candidate brings hands-on experience with vulnerability scanners, cloud security tools, and risk aggregators, and has a strong track record of driving remediation against SLAs, triaging false-positives, and collaborating with cross-functional teams to address root causes of systemic weaknesses.

Key Responsibilities:

• Operate and maintain vulnerability scanning tools (e.g., Tenable Nessus, Qualys) to ensure complete and accurate visibility across cloud platforms (AWS, Azure) and on-prem infrastructure (Windows, Linux, network devices).
• Ingest and normalize vulnerability data from endpoint, container, and cloud-native security tools including CrowdStrike, Aqua, Prisma Cloud, and Wiz.
• Integrate scan and threat data into risk aggregators and exposure management platforms such as Brinqa, Kenna, Vulcan, Dazz, or Avalor for centralized analysis and prioritization.
• Lead false-positive triage, root-cause investigations, and recurrence analysis to improve scanning fidelity and reduce alert fatigue.
• Track remediation progress against defined SLA targets, working directly with infrastructure, application, and DevOps teams to resolve prioritized vulnerabilities.
• Apply CVE, CVSS, and threat intelligence context to identify, rank, and communicate risk based on asset sensitivity and exploitability.
• Produce detailed reporting and dashboards to communicate technical findings and risk posture to stakeholders across InfoSec, IT, and business leadership.
• Continuously refine the vulnerability management lifecycle in support of CTEM maturity, including scan coverage, prioritization logic, and remediation workflows.

Required Qualifications:

• 5+ years of experience in cybersecurity, with 3+ years focused on enterprise-scale vulnerability management across cloud and on-prem environments.
• Deep technical proficiency with tools such as Tenable Nessus, Qualys, or Rapid7 InsightVM.
• Experience with CrowdStrike, Prisma Cloud, Wiz, or Aqua for endpoint and cloud-native vulnerability visibility.
• Familiarity with risk aggregation platforms such as Brinqa, Kenna, Vulcan, Dazz, or Avalor.
• Strong understanding of CVE scoring, CVSS, and modern exposure management methodologies.
• Experience integrating vulnerability data with CMDB and ServiceNow or similar ITSM platforms.
• Ability to script in Python, PowerShell, or Bash to support automation and data processing.
• Excellent communication and documentation skills; capable of translating complex technical findings into actionable remediation plans.

Preferred Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related discipline.
• Relevant certifications such as CISSP, OSCP, GSEC, or CEH.
• Experience in regulated industries, preferably financial services or wealth management.
• Direct involvement in CTEM initiatives or threat-informed vulnerability management programs.

This is a hybrid role requiring 3 days per week onsite in Malvern, PA; Charlotte, NC; or Dallas, TX. Candidates must be authorized to work in the United States without sponsorship.

Applications must include a resume with full name (first, last) and contact information in order to be considered.