Lead Information Security Engineer – Vulnerability Management

Job Description:

• Serve as the primary escalation point and subject matter expert for the most complex and high‑risk remediation issues across infrastructure, cloud, containers, applications, and code
• Provide advanced technical guidance on remediation paths, exploitability assessment, scanning output interpretation, and multi‑layered False Positive evaluations
• Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits
• Independently own intake, investigation, escalation, and mitigation reviews for high-impact items such as critical vulnerabilities, emerging threats, and executive escalations
• Drive and own sophisticated remediation planning that includes dependency mapping, coordinated timelines, and long-term fixes
• Perform analytical reviews of large datasets to identify meaningful trends and shape targeted remediation campaigns for the highest areas of risk
• Conduct proactive follow-up on stalled plans and escalate appropriately when remediation does not progress
• Deliver expert-level communication to technical and non-technical stakeholders to ensure clarity of risk, urgency, and remediation requirements
• Oversee False Positive determinations, Exception requests, and Risk Acceptance submissions to ensure accuracy, thoroughness, and adherence to governance standards
• Partner with teams across Information Security and application teams across the Bank to ensure complex issues are addressed correctly and efficiently
• Report and track vulnerability metrics, KPIs, and KRIs with proactive escalations to maintain risk within acceptable appetite
• Create impactful presentations to deliver key metrics and data to senior leadership

Requirements:

• At least 6 years of related and recent hands-on experience in Vulnerability Management, IS Engineering or similar Information Security domains
• Strong attention to detail, and advanced understanding of security architecture, networking, operating systems, identity, and cloud services
• Demonstrated experience in risk articulation, and remediation strategies across common technology stacks
• Experience with threat intelligence inputs and applying exploitability context to remediation prioritization
• Demonstrated experience triaging and prioritizing complex findings from scanning tools and translating technical findings into actionable remediation guidance
• Strong written and verbal communication skills
• Proven analytical and problem-solving skills
• Experience collaborating across multiple teams and influencing outcomes without direct authority
• Bachelor’s degree in computer science/information systems or equivalent combination of education and experience
• Certifications such as Security+, CISSP, CISM, GIAC, or cloud certifications (AWS preferred)

Benefits:

• Comprehensive benefits programs designed to support individual needs of employees and their families
• Physical, financial, emotional and social well-being