
Vulnerability Management Lead

Job in San Diego, San Diego County, California, 92189, USA
Listing for: Saronic Technologies
Full Time position
Listed on 2026-06-24
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly

Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.

Job Overview

We're looking for a hands-on Vulnerability Management Lead to own Saronic's VM program end-to-end. You will be the technical authority for vulnerability discovery, triage, prioritization, remediation, and reporting across our entire environment — cloud, on-prem, embedded systems, and classified infrastructure. This is an individual contributor role with significant operational and strategic ownership: you'll build and run the program, drive accountability across engineering teams, and shape the long‑term VM posture as Saronic scales.

You're a doer first. You're also someone who can step back, think about the program architecturally, and communicate risk clearly to leadership. The right person for this role has strong opinions about how VM should work, isn't afraid to push for remediation ownership across the org, and sees automation as the path to scale.

Responsibilities

Vulnerability Operations

  • Own end‑to‑end vulnerability lifecycle: discovery, validation, prioritization, remediation tracking, exception management, and verification across cloud, on-prem, container, and embedded Linux environments

  • Operate and optimize enterprise vulnerability scanning platforms for continuous credentialed scanning across servers, endpoints, network devices, containers, and cloud assets; maintain coverage, schedules, and configuration audit policies

  • Integrate vulnerability scanning into CI/CD pipelines to harden build workflows, enforce least‑privilege controls, and surface supply chain risks before they reach production

  • Leverage AI‑assisted scanning and graph‑based enrichment pipelines to accelerate triage, map lateral exposure paths, and prioritize findings by exploitability and mission impact

  • Correlate findings across tools to eliminate noise, reduce false positives, and surface the vulnerabilities that actually matter

Prioritization & Remediation Leadership

  • Apply CVSS, CISA KEV, exploit maturity, and asset exposure context — including internet‑facing systems, privileged access paths, and classified adjacency — to drive risk‑based SLAs and remediation sequencing

  • Partner with software and platform engineering teams to drive timely remediation; own escalation paths for aging critical and high findings

  • Lead critical CVE response: rapid triage, impact assessment, containment guidance, and stakeholder communication for zero‑days and actively exploited vulnerabilities

  • Govern exception management: risk acceptance with compensating controls, time‑bound approvals, and periodic review cycles

  • Coordinate patching windows and change management across Windows, Linux, network devices, and cloud services

Compliance & Reporting

  • Align the VM program to CMMC Level 2/3 requirements; produce audit‑ready evidence, POA&Ms, and control effectiveness documentation

  • Deliver executive and operational reporting: exposure trends, SLA performance, mean time to remediate, patch coverage, and remediation velocity

  • Support CMMC assessments and audits with clean, well‑documented vulnerability data and remediation history

  • Maintain asset inventory hygiene and scan coverage metrics; ensure classified and sensitive system boundaries are respected in tooling and data handling

Program Maturity & Automation

  • Build and mature automation for scan scheduling, finding enrichment, ticket creation, SLA tracking, and reporting — reducing manual overhead as the program scales

  • Define and refine VM policies, procedures, and playbooks including critical CVE response runbooks and patch cadence standards

  • Evaluate and recommend tooling improvements; drive integration across the vulnerability management and broader security stack

  • Mentor and support analysts as the team grows; run tabletop exercises for vulnerability and patching scenarios

Qualifications
  • 5+ years in cybersecurity with 3+ years of hands‑on vulnerability management ownership in hybrid on‑prem/cloud environments

  • Deep operational expertise with enterprise vulnerability scanning platforms — credentialed scanning, policy…
