Lead Threat & Vulnerability Management Engineer

Recruitment Fraud Alert

Weve learned that scammers are impersonating Commvault team membersincluding HR and leadershipvia email or text. These bad actors may conduct fake interviews and ask for personal information such as your social security number.

What to know:

• Commvault doesnotconduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information SSN etc) before your first day.

If you suspect a recruiting scam please contact us at

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover take action and rapidly recover from cyberattacks keeping data safe and businesses resilient. The companys unique AI-powered platform combines best-in-class data protection exceptional data security advanced data intelligence and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years more than 100000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks improve governance and do more with data.

The Opportunity

Commvault is seeking a Lead Threat & Vulnerability Management Engineer to serve as a technical and strategic cornerstone of our Threat & Vulnerability Management program. Acting as a senior member of the team you will mentor Vulnerability Management analysts/engineers provide technical remediation guidance and work cross-functionally to reduce risk across enterprise assets. The right candidate will be a self-starter who is comfortable working independently rolling up their sleeves when needed and using every available resource to improve processes drive remediation and advance the maturity of the program.

What youll do

• Act as the technical and operational lead for the Vulnerability Management program setting standards and guiding best practices
• Mentor analysts through complex vulnerability analysis prioritization and remediation workflows

• Develop and maintain effective relationships with Engineering IT and application development teams to ensure vulnerabilities are clearly understood properly risk-assessed and effectively remediated.

• Provide expert-level guidance on interpreting CVEs CVSS CISA KEV advisories and vendor bulletins to assess exploitability and organizational impact.

• Monitor key performance indicator (KPI) metrics; track and report on performance; provide reporting to security management on performance.

• Automate repetitive tasks and data flows through scripts and integrations (e.g. Bash Python PowerShell or API-based automation).
• Advocate for continuous improvement by identifying tooling process and training gaps and taking the initiative to close them.
• Stay abreast of industry trends and changing threat landscape and review technologies/services and make recommendations to continuously improve our capabilities

Who you are

• 7 years of Vulnerability Management or security operations experience with demonstrated ownership of enterprise vulnerability workflows.

• Ability to respond to critical zero-day exploits and incidents 24x7
• Demonstrated project management skills specifically managing multiple concurrent projects.

• Hands-on experience with vulnerability management tools (BitSight Qualys Rapid7 Tenable Wiz etc.).

• In-depth understanding of CVSS CISA KEV EPSS and modern vulnerability prioritization methodologies.
• Hands-on experience across hybrid cloud environments (AWS Azure GCP) and with containerization (Docker Kubernetes).
• Proven ability to mentor others and influence teams through technical expertise and effective communication.
• Experience supporting regulatory compliance initiatives (e.g. FedRAMP PCI-DSS SOC2) by implementing controls to address compliance requirements and providing evidence to auditors/regulators
• Strong scripting skills (Python PowerShell or equivalent) and familiarity with integrating security data into ticketing and reporting systems (Jira ServiceNow).
• Exceptional communication skills able to break down complex vulnerabilities for non-security stakeholders while retaining accuracy and context.
• Demonstrated self-direction and initiative in building solutions improving operations and championing collaboration across teams.

• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

• Relevant certifications such as CISSP GCIH OSCP GPEN CCSP are a plus
• SaaS & Security experience preferred.

Youll love working here because:

• Employee stock purchase plan (ESPP)
• Continuous professional development product training and career pathing
• Annual health check-ups Car lease Program and Tuition Reimbursement
• An inclusive company culture an opportunity to join our Community Guilds
• Personal accident cover and Term life cover