Rodeo

Black Duck Software, Inc.

Senior Vulnerability Manager

Belfast
Posted 1 day ago

Job Title: Senior Vulnerability Management Engineer

About Black Duck Software, Inc.

Black Duck Software, Inc. is a pioneer in application security, providing SAST, SCA, and DAST solutions to help organizations build secure, high-quality software. Our tools, services, and expertise enable teams to minimize risks while maximizing speed and productivity, integrating seamlessly into DevSecOps and across the software development life cycle (SDLC).

The Role

The Senior Vulnerability Management Engineer owns and drives the enterprise vulnerability management program across cloud, endpoint, and application surfaces. This role combines technical leadership with program ownership, responsible for risk-based identification, prioritization, automated remediation, and verified closure.

Operating with minimal guidance, the Senior Vulnerability Management Engineer designs scalable architecture, optimizes pipelines, establishes governance, and influences cross-functional teams—delivering measurable risk reduction toward enterprise security goals.


Key Responsibilities

Cross-Domain Vulnerability Strategy and Execution

  • Govern a closed-loop vulnerability management lifecycle—intake → scanning → triage → risk processing → remediation → verification → reporting—aligning to the company’s Defense in Depth and Active Risk Management standards.
  • Tie prioritization into CVSS, EPSS, and CISA KEV signals; automate and codify risk-based triage into:
    • Program policies, standard operating procedures
    • PSO dashboards (Power BI, etc.)
    • Custom proactive scoring models
  • Enforce SLA-based remediation deadlines; manage risk acceptances and exception approval workflows with visible trend analytics for leadership.
  • Execute asset hygiene specifications—ensuring end-to-end coverage across:
    • Endpoint inventory (OS, active apps, Device Guard/AV integration)
    • Cloud workloads (multi-cloud services, active container pod coverage)
    • On-prem, IoT, and mainframe services—driving iterative gap closure with CMDB team leaders.

Technical Architecture & Operations

  • Architect and administer enterprise scanners for:
    • Network aberration & downtime
    • Infrastructure as Code (IaC) validation (Terraform, CloudFormation, etc.)
  • Prototype pay-as-you-go remediation aggregation (risk + scan osv scores that trigger signup/shutdown workflows for stateless apps).
  • Implement/monitor continuous authenticated vulnerability scanning to reduce false positives by 20% while maintaining full code coverage.
  • Lead compliance reporting & situational awareness role across:
    • Asset coverage metrics (patchable vs. immutable)
    • SLA timeline tracking (mean time to recovery, default threshold compliance)
    • Commercial trusted listings (ATTOM, PowerBooster integration points)

Cross-Functional Leadership & Influence

  • Direct/provide subject-matter expertise on automated patching to CMMC-eAccelerate and CIS critical asset intrusion controls.
  • Partner with:
    • Incident Response to tune automated-exploitation prioritization flags (AV pauses, LNK detectors, mitigation testing)
    • Development Ops for secure default images and integrated commit pipelines
  • Design and execute measurement campaigns addressing:
    • Offshore exception incidences (% and time zones treated to minimize reliance)
    • Vendor dependency elaboration
  • Act as a senior advocate for rubric modernization, leading teams and ensuring methodology rigor aligned to senior IC expectations.

People & Culture

  • Mentor and own the ramp-up and career development of junior engineers.
  • Lead internal workstreams on vulnerabilities, industrializing management pipelines.

Quality & Compliance

  • Maintain a forensic-grade audit log of vulnerability decisions, acceptances, and exceptions, ensuring GDPR and DevSecOps compliance.
  • Conduct open-source remediation impact reviews, liaising with R&D organizations for upstream Lombrod protocols.
  • Direct annual vulnerability scan audit activities, including third-party assessments.

Miscellaneous

  • Foster "information effect engineering"—rapidly surfacing post-scan data value to leadership executives

Skills & Experience

Must-Have

  • 5–7+ years in vulnerability management, closely coupled with:
    • Cybersecurity Engineering roles requiring cross-domain ownership (cloud, endpoint, application)
    • Proven capability to solve complex, multi-regional problems with limited autonomy
    • Hands-on deployment experience with:
      • Enterprise vulnerability scanners (Tenable, OpenVAS, Nexpose, etc.)
      • Patching workflows (PSO’s Micro Focus, Qualys, etc.)
      • Integrations (CMDB, ITSM, SIEM) and CI/CD pipelines
  • Advanced risk methodology grounded in:
    • CVSS scoring logic remapped to managed services
    • Metrics alignment with CISA KEV for threat prioritization
    • Triaging automation (s preds/MSI scans) using:
      • Power Query, Excel macros (Nexpose chart analysis), Azure DevOps
  • Deep expertise in patch lifecycle management, change-control gates, and patch compliance with the NIST SP 800-40r4 technical standard.

Preferred

  • Understanding of Zero Trust digital business models (Software Bill of Materials intersections)
  • Reverse/Threat Engineer certification (CEH/GCFA preferred)
  • Spanish/Mandarin language support for vulnerability communication

Equity & Inclusion Statement

Black Duck is committed to fostering a culture of diversity, equity, and inclusion. We welcome candidates of all backgrounds, experiences, and perspectives. All qualified applicants will receive fair consideration without regard to race, color, religion, creed, national origin, sex, gender, gender identity, marital status, age, disability, veteran status, or genetic information. While the title of assistance manager appears to specifically target diversity initiative interactions, our aim here has been purely proactive since hiring bias training isn’t limited to Black Duckers.

Skills

Vulnerability Management
Cloud Security
Endpoint Security
Application Security
Automated Patching
Risk-Based Prioritization
CVSS
EPSS
CISA KEV
ITSM Integration
CMDB
CI/CD Pipelines
Infrastructure as Code
NIST SP 800-40r4
Scanning Architecture
Security Governance

Location

Belfast, Northern Ireland, United Kingdom
