Lead the vulnerability management program by overseeing vulnerability identification, assessment, remediation, and reporting while mentoring a team and ensuring compliance with security standards.
Available Locations: Lisbon, Portugal or London, UK
Cloudflare is seeking a highly motivated and experienced Manager of Vulnerability Management to lead our efforts in identifying, assessing, prioritising, and remediating security vulnerabilities across our technology landscape. This critical role will be responsible for developing, implementing, and maintaining a robust vulnerability management program that effectively reduces our organisation's risk exposure. The ideal candidate will possess strong technical expertise, excellent leadership skills, and a deep understanding of cybersecurity best practices.
Responsibilities:
Qualifications:
Cloudflare is seeking a highly motivated and experienced Manager of Vulnerability Management to lead our efforts in identifying, assessing, prioritising, and remediating security vulnerabilities across our technology landscape. This critical role will be responsible for developing, implementing, and maintaining a robust vulnerability management program that effectively reduces our organisation's risk exposure. The ideal candidate will possess strong technical expertise, excellent leadership skills, and a deep understanding of cybersecurity best practices.
Responsibilities:
- Program Leadership and Strategy:
- Develop, implement, and maintain the organisation's vulnerability management strategy, policies, standards, and procedures.
- Define and track key performance indicators (KPIs) and metrics to measure the effectiveness of the vulnerability management program.
- Stay abreast of the latest vulnerability trends, threats, and industry best practices.
- Contribute to the overall cybersecurity strategy and risk management efforts of the organisation.
- Vulnerability Identification and Assessment:
- Oversee the regular execution of vulnerability scanning activities across various environments (e.g., network, applications, containers, cloud).
- Manage and optimize vulnerability scanning tools and processes to ensure comprehensive and accurate identification of weaknesses.
- Align with asset inventory and system categorisation for effective vulnerability scanning and management.
- Vulnerability Analysis and Prioritisation:
- Lead the analysis of vulnerability scan results.
- Develop and implement a risk-based prioritisation framework for vulnerabilities based on severity, exploitability, asset criticality, and business impact.
- Collaborate with relevant teams to understand the context and potential impact of identified vulnerabilities.
- Remediation and Mitigation:
- Work closely with engineering and other stakeholders to define remediation plans and timelines for identified vulnerabilities.
- Track and monitor the progress of vulnerability remediation efforts, ensuring adherence to established SLAs.
- Facilitate the development and implementation of mitigating controls when immediate remediation is not feasible.
- Provide guidance and support to teams on vulnerability prevention and security best practices.
- Reporting and Communication:
- Develop and deliver clear and concise reports on vulnerability status, trends, remediation progress, and adherence to remediation SLAs to management and relevant stakeholders.
- Communicate effectively with technical and non-technical audiences regarding vulnerability risks and remediation efforts.
- Escalate critical vulnerabilities and remediation roadblocks in a timely manner.
- Team Leadership and Development:
- Build, mentor, and manage a high-performing vulnerability management team.
- Assign tasks, set goals, and provide regular feedback and coaching to team members.
- Foster a collaborative and knowledge-sharing environment within the team.
- Support the professional development and training of team members.
- Tooling and Automation:
- Evaluate, select, and implement vulnerability management tools and technologies.
- Drive automation efforts to streamline vulnerability scanning, analysis, and reporting processes.
- Integrate vulnerability management tools with other security and engineering systems.
- Compliance and Audit:
- Ensure the vulnerability management program aligns with relevant regulatory requirements, industry standards, internal policies and control requirements.
- Support internal and external audits related to vulnerability management practices.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Experience in information security, with a significant focus on vulnerability management.
- Proven experience in leading and managing vulnerability assessment and remediation efforts across diverse environments.
- Strong understanding of common vulnerability scoring systems (e.g., CVSS) and risk assessment methodologies.
- Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7 InsightVM) and Unified Vulnerability & Exposure Management tools (e.g. TruRisk, Brinqa, Nucleus)
- Experience with static and runtime container scanning technologies.
- Familiarity with application security testing tools and techniques (SAST/DAST).
- Knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
- Excellent analytical, problem-solving, and decision-making skills.
- Strong communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with technical and non-technical teams.
- Proven ability to lead and motivate a team (if applicable).
- Experience with scripting languages (e.g., Python) for automation.
- Experience with threat intelligence platforms and integrating threat data into vulnerability prioritisation.
Top Skills
Brinqa
Nessus
Nucleus
Python
Qualys
Rapid7 Insightvm
Trurisk
Cloudflare Boston, Massachusetts, USA Office
Boston, MA, United States
Similar Jobs at Cloudflare
Cloud • Information Technology • Security • Software • Cybersecurity
The Customer Success Manager ensures customer satisfaction and retention by building relationships, managing post-sale experiences, and promoting Cloudflare solutions.
Top Skills:
Cloud ApplicationsCloud SecuritySaaSSase
Cloud • Information Technology • Security • Software • Cybersecurity
Lead and manage company-wide initiatives within Infrastructure Engineering, coordinating with various teams to deliver successful projects and streamline processes.
Top Skills:
AgileConfluenceExcelGoogle SheetJIRAKaizenScrumWaterfall
Cloud • Information Technology • Security • Software • Cybersecurity
This role involves managing Support Operations projects, optimizing workflows, maintaining capacity plans, and ensuring effective communication with stakeholders.
Top Skills:
AgileConfluenceJIRAKaizenExcelScrumWaterfall
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
