Cox

Senior Manager of Vulnerability Management

Cox, Powder Springs, Georgia, United States, 30127

Overview

The Senior Manager of Vulnerability Management will lead a team of cybersecurity professionals that provide continuous internal and external vulnerability scanning and reporting, and continuous configuration monitoring of both on-premise and multi-cloud environments. This role will manage the external attack surface and monitor for critical vulnerabilities impacting the Cox Automotive environment and lead rapid vulnerability response efforts. The scope is Cox Automotive wide and includes both enterprise and product technologies as well as domestic and international business units. This role reports to the Senior Director of Vulnerability Management and Continuous Control Monitoring.

Responsibilities

Lead and mentor a team of cybersecurity professionals, delivering continuous scanning, identification, and reporting of the external-facing attack surface across on-premise and cloud-based environments, for both enterprise and product technologies. Provide continuous scanning, identification, and reporting of vulnerabilities across on-premise and cloud-based environments for both enterprise and product technologies. Manage the operations and effectiveness of configuration security posture management and compliance capabilities for multiple hyperscaler cloud environments (AWS, Azure, OCI, etc.). Partner with the Security Architecture team to ensure critical cybersecurity configurations are monitored through CSPM and SSPM capabilities. Recommend, socialize, and gain consensus on minimum patching and vulnerability mitigation standards and policies across enterprise and product technology teams. When imminent threats or relevant zero-day vulnerabilities are identified, lead rapid vulnerability response efforts across the Cox Automotive Product and Technology Group. Monitor vulnerability mitigation progress and partner with engineering teams to provide recommendations for efficient risk remediation or mitigation. Provide regular reporting on the current state of vulnerabilities and configurations across the entire Cox Automotive environment, including on-premise and cloud environments globally. Partner with risk management, compliance, and audit teams to address regulatory and contractual requirements. Partner with merger and acquisition teams to ensure rapid deployment of vulnerability scanning and attack surface visibility tools to acquisitions. Lead and coordinate large-scale information security projects, including the implementation and delivery of infrastructure security scanning. Stay abreast of industry-leading vulnerability and software security vendors and inform product roadmaps.
Demonstrate working knowledge of network systems, security principles, applications, defense-in-depth, and intelligence-driven strategies. Apply detailed knowledge of vulnerability management, configuration management, software security, red team concepts, tools, and trends.

Minimum Qualifications

Bachelor's degree in a related discipline and 8 years of experience in information security with a demonstrated path of increasing scope and management responsibilities (alternative combinations: master's degree with 6 years, PhD with 3 years, or 20 years of related experience). 3+ years directly managing cybersecurity Vulnerability Management teams. Ability to drive consensus and collaboration among diverse teams, individuals, and functional groups to achieve business results. Excellent interpersonal, leadership, presentation, and collaborative skills to work effectively with teams throughout the organization. Demonstrated track record of project and operational delivery. Knowledge and expertise in vulnerability assessment, risk management, and cybersecurity frameworks and standards (e.g., NIST, ISO, CIS, OWASP). Strong knowledge of vulnerability scanning and analysis and attack surface management tools (e.g., Qualys, Nessus, Rapid7, Tenable, Veracode, Shodan, etc.). At least one relevant industry security certification (CISSP, SANS GIAC, C|EH, CISM, CRISC, CISA).

Preferred Qualifications

Advanced degree (MBA / MS). 5+ years of experience in a senior management role. Cybersecurity experience in critical infrastructure industries (e.g., telecommunications, financial services, defense, or government).

Compensation

USD 144,900.00 - 241,500.00 per year. The base salary may vary within the anticipated base pay range based on location and the candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation, including an incentive program.

Benefits

The company offers eligible employees vacation with pay as duties permit, seven paid holidays per year, and up to 160 hours of paid wellness annually for personal or family wellness. Additional paid time off includes bereavement leave, voting time off, jury duty leave, volunteer time off, military leave, and parental leave.