Manager for Total Vulnerability Management (TVM)

Job Description:

The Manger for Total Vulnerability Management (TVM) serves as the enterprise lead for identifying assessing prioritizing and remediating security vulnerabilities across all data center and cloud hosted environments supporting the development delivery and hosting of insurance software. Reporting directly to the Director of Cybersecurity for Insurance Software this is a supervisory role responsible for developing and executing a comprehensive vulnerability management strategy that aligns with the organizations risk appetite policies standards and regulatory requirements. The Manager for TVM oversees the full lifecycle of vulnerability and patch management including asset and vulnerability discovery patching mitigation and remediation prioritization as well as metric reporting to executive leadership and responding to internal and external audits. This position partners closely with infrastructure application and delivery teams to ensure timely remediation while driving continuous improvement of processes tooling and automation to reduce the organizations attack surface.

Required:

• Minimum of 58 years of professional security experience with at least 3 years focused on vulnerability management.
• Hands-on experience with vulnerability scanning tools (e.g. Tenable Qualys Rapid7 Wiz Prisma Cloud).
• Strong understanding of cloud environments (AWS Azure GCP) and SaaS-specific security concerns.
• Experience managing vulnerabilities across containers and serverless architectures.
• Familiarity with application security testing (SAST DAST penetration testing coordination).
• Proficiency with threat intelligence sources and mapping vulnerabilities to real-world risk.
• Knowledge of patch management processes and integration with IT/DevOps workflows (CI/CD).
• Understanding of network security fundamentals including firewalls IDS/IPS and endpoint security.
• Proven ability to work with cross-functional teams (engineering DevOps compliance product) to drive remediation.
• Familiarity with regulatory and compliance frameworks (SOC 2 ISO 27001 HIPAA GDPR).
• Strong background in risk assessment and prioritization translating technical findings into business impact.
• Experience in developing and reporting metrics and KPIs for vulnerability management.
• Familiarity with automation and scripting (Python PowerShell Bash) to streamline vulnerability workflows.
• Knowledge of NIST MITRE ATT&CK CVSS scoring and industry standards for vulnerability classification.
• Demonstrated ability to manage a team of security professionals.
• Excellent communication and presentation skills for executive-level reporting.

Preferred:

• CISSP CISM CISA OSCP or GIAC certifications (e.g. GSEC GCIH GMON) demonstrating advanced security expertise.
• Background in DevSecOps practices and embedding vulnerability management into CI/CD pipelines.
• Experience with infrastructure-as-code (IaC) scanning (Terraform CloudFormation).
• Familiarity with software composition analysis (SCA) tools for open-source dependency management.
• Knowledge of zero-trust security principles and modern enterprise architecture security.
• Exposure to forensics and reverse engineering for advanced vulnerability analysis.
• Experience working in a SaaS company.
• Strong knowledge of emerging security trends such as AI-driven threats and supply chain security.

At DXC Technology we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing productivity individual work styles and life circumstances. Were committed to fostering an inclusive environment where everyone can thrive.

If you are an applicant from the United States Guam or Puerto Rico

DXC Technology Company (DXC) is anEqual Opportunity employer. All qualified candidates will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age disability pregnancy veteran status genetic information citizenship status or any other basis prohibited by law. View postings below .

We participate in addition to the posters already identified DXC provides access to prospective employees for theFederal Minimum Wage Poster Federal Polygraph Protection Act Poster as well as any state or locality specific applicant posters. To access the postings in the link below select your state to view all applicable federal state and locality postings. Postings are available in English and in Spanish where required. View postings below.

Postings Link

Disability Accommodations

If you are an individual with a disability a disabled veteran or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability you may request a reasonable accommodation by contacting us viaemail.

Please note: DXC will respond only to requests for accommodations due to a disability.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services such as false websites or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process nor ask a job seeker to purchase IT or other equipment on our information on employment scams is availablehere.