Deckers Brands is committed to creating an inclusive workplace and is seeking a Lead Vulnerability Management Security Engineer to architect their global security posture. This role involves transitioning the organization to a proactive governance model, implementing advanced security frameworks, and driving automation to enhance security resilience against threats.
Responsibilities:
- Architect and lead the end-to-end vulnerability management lifecycle, ensuring alignment with global security frameworks such as NIST, ISO 27001/2, and CIS Top 20
- Lead high-level risk discussions with business and technical stakeholders to transform raw vulnerability data into prioritized, actionable remediation roadmaps
- Serve as a trusted security advisor to infrastructure and application teams, fostering a culture of shared accountability for security debt and remediation
- Design and maintain a comprehensive security metrics program using BI tools (e.g., Tableau) to communicate program effectiveness and residual risk to executive leadership
- Drive the strategic selection, integration, and optimization of advanced security technologies to ensure a future-ready defense against emerging threats
- Spearhead the use of Python, PowerShell, and API integrations (with tools like CrowdStrike) to automate repetitive workflows and improve the Mean Time to Remediate (MTTR)
- Own the development and continuous improvement of cybersecurity policies and standards, ensuring they reflect current global threat intelligence and regulatory requirements
- Perform complex, risk-based assessments of both on-premises and cloud-native services to ensure consistent security controls across a hybrid environment
- Build and present compelling technical and business cases for security investments, securing buy-in for initiatives that mitigate critical enterprise vulnerabilities
Requirements:
- BA/BS degree, or equivalent experience
- Demonstrated success in architecting, implementing, and scaling enterprise-grade vulnerability management programs from the ground up
- 7+ years of extensive experience in security vulnerability management, including sophisticated scanning methodologies, risk-based assessment, and complex remediation orchestration
- Advanced hands-on experience with industry-leading vulnerability management platforms and their integration into the broader security stack
- Deep understanding of mapping vulnerability remediation to regulatory frameworks and standards such as PCI-DSS, HIPAA, SOC2, and GDPR
- Proven ability to author and enforce enterprise security policies, standards, and SLAs that drive measurable risk reduction
- Expert-level skill in developing and presenting high-fidelity security metrics and KPIs to influence executive-level decision-making
- Advanced knowledge of current and emerging threat vectors, exploit techniques, and the ability to pivot strategies based on the evolving global landscape
- Strong background in aligning vulnerability data with Incident Response (IR) and Threat Hunting workflows to accelerate containment and recovery
- Experience serving as a technical lead on large-scale infrastructure and cloud security initiatives, ensuring 'secure-by-default' configurations
- Proficiency with vulnerability management tools (e.g., Tenable, CrowdStrike) and scripting/automation languages (e.g., PowerShell, Python)
- In-depth understanding of security frameworks and standards (NIST, ISO 27001/2, CIS Top 20 Controls)
- Strong knowledge of compliance standards and regulatory requirements (e.g., PCI-DSS)
- Ability to analyze complex vulnerability data to identify patterns, trends, and actionable insights
- Risk-based assessment capabilities to prioritize and address critical vulnerabilities effectively
- Strong verbal and written communication skills for reporting and stakeholder engagement
- Proven ability to collaborate with cross-functional teams, serving as a trusted advisor
- Ability to identify gaps in security measures and propose effective solutions
- Strategic mindset for building business cases and influencing security tool adoption
- Self-driven with the ability to manage and update cybersecurity policies and standards independently
- Strategic thinking to contribute to the advancement of the cybersecurity program
- Security professional certification, such as Global Information Assurance Certifications, Certified Information Systems Security Professional (CISSP), Certified Vulnerability Assessor (CVA), GIAC Enterprise Vulnerability Assessor (GEVA), or other similar credentials, is desired