- POSITION & RESPONSABILITIES
Position: Lead Vulnerability Expert (Player-Coach)
Responsibilities:
- Act as the technical lead for vulnerability detection, validation, and remediation.
- Perform advanced analysis: exploit reproduction, impact assessment, and attack-path mapping.
- Optimize vulnerability scanning tools for accuracy and coverage.
- Master Active Defense tools to enhance efficiency and develop automation capabilities.
- Mentor and coach team members: review outputs, share best practices, and elevate technical skills.
- Collaborate with infrastructure, Identity and local teams to optimize remediation efforts.
- Stay ahead of zero-days, KEV advisories, and exploit trends; lead technical response during critical events.
- Ensure communication with business units, track incidents, and follow up.
- Support Offensive Security initiatives with vulnerability context and exploit validation.
MISSION
Technical Excellence
- Act as the technical authority for vulnerability management within the Active Defense team.
- Ensure continuous exposure reduction by applying the CTEM (Continuous Threat Exposure Management) framework to prioritize and address vulnerabilities based on real-world risk.
- Drive advanced vulnerability analysis, including exploit reproduction in collaboration with the offensive security team, attack-path mapping, and impact assessment, to provide actionable insights for remediation.
- Develop automation and tooling enhancements to improve efficiency and accuracy in vulnerability detection and validation.
Leadership & Enablement
- Serve as a mentor and coach for a team of analysts and engineers, fostering technical growth and best practices.
- Act as a bridge between technical teams and business units, ensuring clear communication of risks and remediation priorities.
- Lead cross-functional collaboration to remove blockers and accelerate remediation efforts.
- Support Offensive Security initiatives by validating exploitability and providing vulnerability context for attack simulations.
Strategic Contribution
- Drive and animate community programs (e.g., Weekly Operational Cybersecurity Calls, seminars, and other initiatives).
- Maintain situational awareness of emerging threats, zero-days, and KEV advisories, ensuring rapid technical response during critical events.
- Contribute to the Active Defense vision by aligning vulnerability management activities with corporate security objectives.
- RELATIONSHIPS
- Reports to: Head of Active Defense
- Active Defense team members (Vulnerability Management, Offensive Security, SecOps Engineering)
- Infrastructure, Cloud, and Application teams
- Vulnerability Champions who are part of the local cyber teams
- EXPERIENCE
The Lead Vulnerability Expert excels at simplifying and optimizing vulnerability management workflows, demonstrates strong understanding of IT architecture, and can propose effective vulnerability workarounds.
A thorough knowledge of Tenable and WIZ tools is highly appreciated.
The Lead Vulnerability Expert is familiar with intrusion methods on computer systems and networks and can determine the potential impact of a vulnerability according to multiple factors:
- Popularity of the impacted hardware or software
- REQUIRED SKILLS
- Have a thorough knowledge of the methods and functions of security equipment.
- 5 years’ experience with vulnerability management or related security functions.
- Participate in the improvement and development of process and procedure documentation.
- Ability to work independently to perform analysis and investigations.
- Possess an information security and operations mindset.
- Keep a personal watch and share it with the security teams.
- Ability to multi-task and prioritize.
- Full proficiency in verbal and written English.
- Adaptability and resilience in a fast-paced, evolving threat landscape.