Senior Principal, Vulnerability Management Expert

- Manage the comprehensive Vulnerability Management (VM) program, including strategy, roadmap, operating model, and performance metrics. - Establish and uphold a risk-centric vulnerability management framework aligned with NIST CSF, CIS Controls, and industry best practices. - Develop and maintain policies, standards, and procedures for vulnerability identification, assessment, prioritization, and remediation. - Formulate multi-year advancement plans for VM capabilities encompassing servers, endpoints, networks, applications, cloud, and third-party realms. - Act as product owner and technical expert for the Tenable platform across the organization. - Design and sustain Tenable platform architecture. - Lead scanning strategy design and execution across Tenable platforms, focusing on asset tagging, scoping, credential management, and scan frequency. - Ensure comprehensive lifecycle management from detection to validation, ensuring prompt resolution of significant vulnerabilities. - Implement risk-based prioritization utilizing Tenable risk scores with business impact, exploitability, and threat intelligence. - Collaborate with infrastructure, application, and cloud teams to synchronize remediation timelines with SLAs and change management processes. - Guarantee vulnerability and configuration coverage across network devices, endpoints, and remote access environments. - Incorporate threat intelligence and MITRE ATT&CK mappings into vulnerability prioritization processes. - Connect vulnerabilities with active exploitation trends, threat actor techniques, and sector-specific risks, especially in healthcare and public sectors. - Advise executives and technical teams regarding emerging vulnerabilities and coordinate urgent response efforts. - Define and monitor key metrics and KPIs for VM effectiveness. - Generate executive-level dashboards and reports for leadership, auditors, and clients. - Support internal and external audits, regulatory assessments, and customer security due diligence as the principal authority on VM processes and data. - Participate in governance forums to ensure accountability for remediation actions across teams. - Provide high-level technical and leadership support to vulnerability analysts and security engineers. - Mentor junior leaders and technical staff on VM best practices and risk-oriented strategies.