Deckers Brands is committed to fostering an inclusive and equitable workplace. As the Lead Vulnerability Management Security Engineer, you will architect the global strategic vision for the company's security posture, transitioning from reactive to proactive governance in vulnerability management while influencing the security culture across a multi-brand enterprise.
Responsibilities:
- Architect and lead the end-to-end vulnerability management lifecycle, ensuring alignment with global security frameworks such as NIST, ISO 27001/2, and CIS Top 20
- Lead high-level risk discussions with business and technical stakeholders to transform raw vulnerability data into prioritized, actionable remediation roadmaps
- Serve as a trusted security advisor to infrastructure and application teams, fostering a culture of shared accountability for security debt and remediation
- Design and maintain a comprehensive security metrics program using BI tools (e.g., Tableau) to communicate program effectiveness and residual risk to executive leadership
- Drive the strategic selection, integration, and optimization of advanced security technologies to ensure a future-ready defense against emerging threats
- Spearhead the use of Python, PowerShell, and API integrations (with tools like CrowdStrike) to automate repetitive workflows and improve the Mean Time to Remediate (MTTR)
- Own the development and continuous improvement of cybersecurity policies and standards, ensuring they reflect current global threat intelligence and regulatory requirements
- Perform complex, risk-based assessments of both on-premises and cloud-native services to ensure consistent security controls across a hybrid environment
- Build and present compelling technical and business cases for security investments, securing buy-in for initiatives that mitigate critical enterprise vulnerabilities
Requirements:
- BA/BS degree, or equivalent experience
- Demonstrated success in architecting, implementing, and scaling enterprise-grade vulnerability management programs from the ground up
- 7+ years of extensive experience in security vulnerability management, including sophisticated scanning methodologies, risk-based assessment, and complex remediation orchestration
- Advanced hands-on experience with industry-leading vulnerability management platforms and their integration into the broader security stack
- Deep understanding of mapping vulnerability remediation to regulatory frameworks and standards such as PCI-DSS, HIPAA, SOC2, and GDPR
- Proven ability to author and enforce enterprise security policies, standards, and SLAs that drive measurable risk reduction
- Expert-level skill in developing and presenting high-fidelity security metrics and KPIs to influence executive-level decision-making
- Advanced knowledge of current and emerging threat vectors, exploit techniques, and the ability to pivot strategies based on the evolving global landscape
- Strong background in aligning vulnerability data with Incident Response (IR) and Threat Hunting workflows to accelerate containment and recovery
- Experience serving as a technical lead on large-scale infrastructure and cloud security initiatives, ensuring 'secure-by-default' configurations
- Proficiency with vulnerability management tools (e.g., Tenable, CrowdStrike) and scripting/automation languages (e.g., PowerShell, Python)
- In-depth understanding of security frameworks and standards (NIST, ISO 27001/2, CIS Top 20 Controls)
- Strong knowledge of compliance standards and regulatory requirements (e.g., PCI-DSS)
- Ability to analyze complex vulnerability data to identify patterns, trends, and actionable insights
- Risk-based assessment capabilities to prioritize and address critical vulnerabilities effectively
- Strong verbal and written communication skills for reporting and stakeholder engagement
- Proven ability to collaborate with cross-functional teams, serving as a trusted advisor
- Ability to identify gaps in security measures and propose effective solutions
- Strategic mindset for building business cases and influencing security tool adoption
- Self-driven with the ability to manage and update cybersecurity policies and standards independently
- Strategic thinking to contribute to the advancement of the cybersecurity program
- Security professional certification, such as Global Information Assurance Certifications, Certified Information Systems Security Professional (CISSP), Certified Vulnerability Assessor (CVA), GIAC Enterprise Vulnerability Assessor (GEVA), or other similar credentials, is desired