Job description for Vulnerability Manager at CMC-APAC Private Limited
About the role
We are looking for an experienced Vulnerability Manager to lead our efforts in identifying, assessing, and mitigating security vulnerabilities in various software products. The ideal candidate will have a deep understanding of application security, risk assessment, and mitigation strategies, along with a proven track record of driving security initiatives within complex software environments.
Key responsibilities
Analyze and prioritize identified vulnerabilities based on potential impact and exploitability, and provide actionable recommendations to development teams for remediation
Collaborate with cross-functional teams to develop and implement effective mitigation strategies, including providing guidance on secure coding practices and architectural improvements
Assess security risks associated with vulnerabilities and track them through resolution. Provide clear risk communication to technical and non-technical stakeholders
Stay up to date with industry security standards, regulations, and best practices. Ensure that our software products adhere to relevant security standards
Contribute to the development and enhancement of incident response plans and processes, ensuring timely and effective responses to security incidents
Conduct regular and comprehensive vulnerability assessments on our platforms and software applications to identify potential security weaknesses and threats
Generate regular reports for executive leadership, summarizing the security posture of our software applications, ongoing vulnerability management efforts, and progress toward resolution
About you
Bachelor's or Master's degree in Computer Science, Information Security, or a related field
Proven experience (2+ years) in vulnerability management, application security, and secure coding practices, preferably in the fintech industry
Solid understanding of common application vulnerabilities (OWASP Top Ten), as well as security standards and frameworks (ISO 27001, NIST, etc.)
Experience with security assessment tools, penetration testing techniques, and vulnerability scanning tools
Familiarity with secure software development lifecycle (SDLC) principles
Professional certifications such as CISSP, CISM, CEH, or related certifications are a plus
Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical teams
Proven ability to manage multiple projects, prioritize tasks, and meet deadlines
Knowledge of container-based environments (Kubernetes)
Knowledge of cloud-based platforms (AWS, Azure, GCP)
