Duties and Responsibilities
Aggregate and normalize vulnerability data from diverse sources into a unified vulnerability platform (UVM).
Experience with integrating self-hosted and SaaS-based applications via APIs. Expertise utilizing native API integrations and developing custom integrations (via code or scripts).
Collaborate with product owners (Vulnerability Management, DevSecOps, Cloud Security, etc.) to ensure the collection, quality, normalization, and enrichment of vulnerability data.
Apply standardized vulnerability severity scoring and customize it to reflect business context and risk appetite.
Develop and maintain centralized dashboards to visualize risk posture across applications and environments, including custom dashboards for different stakeholder types (executives, business owners, and resource owners).
Collaborate with Technical Security Advisors and BISOs to maintain and improve risk reporting (visualizations, dashboards, reports, notifications, etc.).
Improve exception workflows through UVM integrations with workload management/ticketing systems.
Build and maintain RBAC to the UVM platform (dashboards, reports, etc.).
Define and enforce remediation SLAs and shift-left prevention policies.
Support operational workflows for risk acceptance, false positives, and severity overrides.
Participate in recurring vulnerability oversight meetings and provide actionable insights.
Contribute to the development of vulnerability lifecycle processes and automation strategies.
Maintain comprehensive documentation of technology projects, processes, etc.
Stay up to date on security practices and standards; participate in educational opportunities; read professional publications.
Participate in special projects and other duties as assigned.
Qualifications
Undergraduate degree in IT or cybersecurity is preferred.
3-5 years of experience in vulnerability management.
Hands-on experience with unified vulnerability management (UVM) solutions (e.g., ArmorCode, Wiz).
Strong understanding of OWASP Top 10, CVE, CVSS, NVD, and other vulnerability standards.
Experience with programming and scripting languages (e.g., Python, PowerShell) is preferred.
Familiarity with data engineering solutions (e.g., Athena, Tableau), workload management solutions (e.g., Jira, ServiceNow), version control and pipeline solutions (e.g., Bamboo, GitHub), and IaC solutions (e.g., Terraform, Ansible).
Knowledge of application development, build, and deployment processes (development IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.).
Professional certifications such as CISSP, CCSP, or Security+ a plus.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission; we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Required Experience:
IC