Keeper Security

Senior Vulnerability Manager

Keeper Security, El Dorado Hills, California, United States, 95762

Keeper Security is hiring an experienced Senior Vulnerability Manager to lead and mature our enterprise vulnerability management program. This is a 100% remote position, with an opportunity to work a hybrid schedule for candidates based in the El Dorado Hills, CA or Chicago, IL metro area.

Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations globally. Keeper is published in 21 languages and is sold in over 120 countries. Join one of the fastest-growing cybersecurity companies and bring your IL5 DevOps expertise to mission-critical work.

About Keeper

Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.

About the Job

As the Senior Vulnerability Manager, you will own the strategy, technology stack, and execution of Keeper’s enterprise vulnerability management program. You’ll lead initiatives that drive measurable risk reduction across Keeper’s commercial and public-sector deployments by integrating vulnerability discovery, prioritization, and remediation into every layer of our operations. You will work cross-functionally with Engineering, DevOps, IT, and Security Operations to embed vulnerability awareness into product development and cloud operations, while ensuring compliance with industry frameworks such as FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST 800-53.

Responsibilities

Own Keeper’s enterprise vulnerability management strategy, governance, and SLAs across all environments

Build scalable processes for vulnerability discovery, risk scoring, and remediation across multi-cloud and SaaS infrastructure

Manage vulnerability scanning and asset discovery tools (e.g., Tenable.io) and ensure continuous coverage

Correlate vulnerability data with threat intelligence and exploit activity to drive risk-based prioritization

Partner with Engineering, DevOps, IT, and Cloud Operations to ensure timely remediation and SLA adherence

Integrate vulnerability tracking and remediation into CI/CD and ticketing systems (e.g., Jira, ServiceNow, GitLab)

Automate scanning, correlation, and reporting workflows using scripting and API integrations

Develop dashboards and analytics to measure exposure trends and risk reduction progress

Monitor zero-day vulnerabilities, CISA KEV bulletins, and exploit campaigns to guide proactive mitigation

Ensure compliance alignment with frameworks such as FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST 800-53

Communicate vulnerability insights and risk metrics to leadership and key stakeholders

Mentor engineers and analysts, fostering a culture of precision, accountability, and continuous improvement

Represent vulnerability management in executive briefings, audits, and public-sector engagements

Requirements

7+ years of experience in vulnerability management, security engineering, or cyber risk management

Proven success managing enterprise-scale vulnerability programs across SaaS and public-sector environments

Deep expertise in vulnerability scanning, CVE/CVSS scoring, exploit analysis, and risk prioritization

Strong understanding of cloud environments (AWS, GCP, Azure) and modern application stacks

Demonstrated ability to communicate technical risk clearly to both executive and non-technical stakeholders

Solid grasp of relevant compliance frameworks: NIST SP 800-53, CIS Controls, ISO 27001, SOC 2, FedRAMP, StateRAMP

Excellent problem-solving, organizational, and cross-functional collaboration skills

Preferred Qualifications

Certifications such as CISSP, CISM, OSCP, or GIAC GCVS/GCFA

Experience with automation, scripting, and data analytics (Python, PowerShell, API integration, Splunk, or Elastic dashboards)

Background in security architecture, red teaming, or exploit development

Familiarity with vulnerability disclosure programs and coordination with bug bounty platforms

Experience developing and presenting vulnerability metrics to senior leadership or board-level stakeholders

Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent experience

Benefits

Medical, Dental & Vision (inclusive of domestic partnerships)

Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life

Voluntary Short/Long Term Disability Insurance

401K (Roth/Traditional)

A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.)

Above market annual bonuses

Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Classification: Exempt