The role is responsible for embedding security into the software development lifecycle (SDLC), ensuring the security of cloud-native and microservices-based applications, and managing and optimizing the Data Security Assessment Tool (D-SAT). The role involves proactively identifying, assessing, and mitigating security risks in applications while implementing industry-leading security practices to safeguard digital assets.

Responsibilities

Implement Secure-by-Design and Zero Trust Architecture (ZTA) principles in agile and DevSecOps environments.
Conduct automated and manual threat modelling for API security, cloud-native applications, and AI models.
Lead the identification and classification of vulnerabilities, assess their risk levels, and collaborate with relevant stakeholders to prioritize remediation efforts.
Oversee the remediation process, ensuring timely resolution of high-priority vulnerabilities and minimizing security risks to the organization.
Perform static (SAST), dynamic (DAST), interactive (IAST), and software composition analysis (SCA) to identify security flaws.
Assess and mitigate risks in AI/ML-based applications, including adversarial attacks and data poisoning threats.
Implement cloud security controls across Google Cloud and Oracle Cloud, ensuring compliance with relevant standards.
Integrate security testing tools into CI/CD pipelines.
Red Team Collaboration: Work closely with red and blue teams to conduct penetration testing and incident response.
Develop and present regular reports on vulnerability management metrics, progress on remediation, and the overall security posture of the organization.
Regulatory Compliance: Ensure compliance with ISO 27001, PCI DSS, and Saudi Arabian Cybersecurity Standards.
Perform any other duties assigned by the line manager related to the nature of the work.
Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.

Qualifications

Preferred Qualifications

A tertiary level qualification from a recognized institution in Computer Science, Information Security, or a related field.

Years & Nature of Experience

Recommended 3 to 5 years of equivalent experience in information security or vulnerability management where required competencies and experience have been demonstrated.
Proven experience managing security tools like D-SAT, vulnerability scanners, or similar platforms.
Strong understanding of risk management frameworks and vulnerability assessment methodologies.
Manager Management • Riyadh, Saudi Arabia