Vulnerability & Cloud Security Program Manager
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Vulnerability & Cloud Security Program Manager based in the United States.
This role is responsible for leading enterprise-wide vulnerability management and cloud security posture programs that protect complex hybrid environments. You will oversee the full lifecycle of vulnerability detection, prioritization, and remediation across cloud, on-premise, and application layers. The position plays a key role in strengthening organizational security maturity while reducing risk exposure in fast-evolving infrastructure ecosystems. You will work closely with engineering, DevOps, and infrastructure teams to embed security into development and operational workflows. The role requires a strong balance of technical expertise and program leadership, with direct visibility into security risk trends and executive reporting. It is a high-impact position focused on driving scalable, automated, and measurable security improvements across the enterprise.
Accountabilities:
- Lead and manage the end-to-end vulnerability management and cloud security posture management (CSPM) lifecycle, ensuring timely identification, prioritization, and remediation of risks across environments.
- Administer and optimize security tooling and platforms, including configuration, automation, reporting, integrations, and workflow improvements.
- Monitor cloud infrastructure (primarily AWS) to detect misconfigurations, excessive permissions, and compliance drift, ensuring continuous security posture improvement.
- Partner with engineering, DevOps, and infrastructure teams to coordinate remediation efforts, provide technical guidance, and resolve complex vulnerabilities.
- Align vulnerability and cloud security practices with regulatory and industry frameworks such as NIST CSF, ISO 27001, FedRAMP, and CIS Controls.
- Track, analyze, and report security KPIs and risk metrics, including vulnerability trends, remediation SLAs, and overall risk posture to leadership.
- Drive automation of detection, remediation, and security workflows to improve efficiency and scalability of security operations.
Requirements:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent practical experience.
- 5+ years of experience in vulnerability management, with at least 2+ years focused on cloud security.
- Hands-on experience with CSPM and vulnerability management tools such as Wiz, AWS Inspector, Nessus, or OpenSCAP.
- Strong knowledge of AWS security architecture, cloud-native environments, and infrastructure security best practices.
- Familiarity with vulnerability scoring systems (e.g., CVSS) and risk-based prioritization methodologies.
- Strong communication and stakeholder management skills, with the ability to collaborate across technical and non-technical teams.
- Relevant certifications such as CISSP, AWS Security Specialty, or GIAC Cloud Security are a plus.
- Knowledge of compliance frameworks including PCI DSS, HIPAA, SOX, or FedRAMP is highly desirable.
Benefits:
- Competitive base salary range of $180,000 – $220,000 depending on location, experience, and qualifications.
- Comprehensive medical, dental, and vision insurance coverage.
- 401(k) retirement plan to support long-term financial planning.
- Unlimited paid time off to support work-life balance and flexibility.
- Hybrid and flexible work arrangements depending on location eligibility.
- Opportunities for professional growth, learning, and career advancement.
- Inclusive and collaborative work environment focused on security innovation and impact.