Lead Vulnerability Expert (FM)

1. POSITION & RESPONSABILITIES

Position:Lead Vulnerability Expert (Player-Coach)

Responsibilities:

• Act as the technical lead for vulnerability detection validation and remediation.

• Perform advanced analysis: exploit reproduction impact assessment and attack-path mapping.

• Optimizevulnerability scanning tools for accuracy and coverage.

• Master ActiveDefensetools to enhance efficiency and develop automation capabilities.

• Mentor and coach team members: review outputs share best practices and elevate technical skills.

• Collaborate with infrastructureIdentityandlocalteams tooptimizeremediation efforts.

• Stay ahead of zero-days KEV advisories and exploit trends; lead technical response during critical events.

• Ensure communication with business units track incidents and follow up.

• SupportOffensive Security initiativeswith vulnerability context and exploit validation.

MISSION

Technical Excellence

• Act as thetechnical authorityfor vulnerability management within the ActiveDefenseteam.

• Ensurecontinuous exposure reductionby applying theCTEM (Continuous Threat Exposure Management)framework to prioritize and address vulnerabilities based on real-world risk.

• Driveadvanced vulnerability analysis including exploit reproductionin collaboration with the offensive security team attack-path mapping and impact assessment toprovideactionable insights for remediation.

• Developautomation and tooling enhancementsto improve efficiency and accuracy in vulnerability detection and validation.

Leadership & Enablement

• Serve as amentor and coachfor a team of analysts and engineers fostering technical growth and best practices.

• Act as abridge between technical teams and business units ensuring clear communication of risks and remediation priorities.

• Leadcross-functional collaborationto remove blockers and accelerate remediation efforts.

• SupportOffensive Security initiativesbyvalidatingexploitability and providing vulnerability context for attack simulations.

Strategic Contribution

• Drive and animate community programs (e.g.Weekly Operational Cybersecurity Calls seminars and other initiatives).

• Maintainsituational awarenessof emerging threats zero-days and KEV advisories ensuring rapid technical response during critical events.

• Contribute to theActiveDefensevisionby aligning vulnerability management activities with corporate securityobjectives.

1. RELATIONSHIPS

• Reports to:Head of ActiveDefense

• Works closely with:

• ActiveDefenseteam members (Vulnerability Management Offensive Security SecOps Engineering)

• CSIRT

• Infrastructure Cloud and Application teams

• Vulnerability Champions who are part of thelocal cyber teams

1. EXPERIENCE

The Lead Vulnerability Expert excels at simplifying andoptimizingvulnerability management workflowsdemonstratesstrong understanding of IT architecture and can propose effective vulnerability workarounds.

A thorough knowledgeof Tenableand WIZtools is highly appreciated.

The Lead Vulnerability Expertis familiar with intrusion methods on computer systems and networksandcandeterminethe potentialimpactof a vulnerability according to multiplefactors:

• CVSS score

• EPSS score

• Popularity of the impacted hardware or software

• Ease of exploitability

• Existing PoC

• Etc

1. REQUIRED SKILLS

• Have a thorough knowledge of the methods and functions of security equipment.

• 5years experiencewithvulnerabilitymanagementor related security functions.

• Participate in the improvement and development of process and procedure documentation.

• Ability to work independently to perform analysis and investigations.

• Possess an information security and operations mindset.

• Keep a personal watch and share it with the security teams.

• Ability to multi-task and prioritize.

• Fullproficiencyin verbal and writtenEnglish.

• Adaptability and resilience in a fast-paced evolving threat landscape.