Senior Vulnerability Manager

Senior Vulnerability Manager Location: Remote Department: Global Xbox Security Hiring Manager: Senior Manager, Threat Detection and Incident Response Overview Global Xbox Security is seeking a Senior Vulnerability Management Engineer to help identify, assess, prioritize, and drive remediation of security weaknesses across infrastructure, endpoints, cloud services, applications, and supporting technologies in a large, complex enterprise environment. In addition to core vulnerability management responsibilities, this role has a specialized focus on vulnerabilities, risk assessments, and remediation efforts for “zero day” and actively exploited vulnerabilities. The ideal candidate combines technical depth with strong programmatic thinking, clear written and verbal communication, and the ability to coordinate effectively across technical teams, business stakeholders, and leadership audiences to move sensitive remediation efforts forward. Key Responsibilities Serve as a primary coordinator for vulnerability findings, risk assessments, and remediation efforts for “zero day” and actively exploited vulnerabilities. Manage high-visibility remediation taskings from central security functions, senior leadership, or strategic stakeholders, ensuring clear ownership, accountability, and follow-through. Operate and improve vulnerability management workflows across on-premises, cloud, hybrid, and endpoint environments. Perform vulnerability triage, validation, prioritization, and risk-based analysis using exploitability, asset criticality, exposure, compensating controls, and threat context. Partner with infrastructure, application, platform, and business teams to coordinate remediation activities and improve time-to-remediate for critical and high-risk findings. Translate technical risk into actionable guidance, executive‑ready updates, and concise remediation narratives for stakeholders with varying levels of technical expertise. Help define and maintain severity, prioritization, remediation, and exception-handling standards, including service level objectives and escalation paths. Validate remediation through rescans, targeted testing, or review of supporting evidence, and improve data quality, reporting, and lifecycle tracking. Support reporting and metrics for program health, including remediation aging, SLA adherence, exception tracking, recurring exposure trends, and sensitive issue status. Identify opportunities to automate vulnerability intake, enrichment, ticketing, prioritization, reporting, and stakeholder notifications. Contribute to security policies, standards, and operational procedures related to patch governance, exposure management, and exception handling. Required Qualifications Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent practical experience. Experience in vulnerability management, security operations, detection engineering, systems administration, or a closely related cybersecurity function. Strong understanding of vulnerability management principles, including CVSS, exploitability, remediation validation, compensating controls, and risk-based prioritization. Experience with enterprise vulnerability scanning or exposure management platforms. Familiarity with operating systems, enterprise infrastructure, cloud environments, networking fundamentals, and common security architectures. Ability to analyze technical findings and communicate risk, remediation guidance, and prioritization decisions to technical and non‑technical stakeholders. Demonstrated ability to coordinate across a broad range of teams and communicate credibly in high‑visibility or time‑sensitive situations. Experience using ticketing, workflow, or project management platforms to track remediation and exception handling. Strong analytical, organizational, and problem‑solving skills. Preferred Qualifications 5+ years of experience in vulnerability management or a closely related cybersecurity role, preferably in a large enterprise environment. Experience supporting executive‑visible security initiatives, escalations, or high‑priority remediation efforts. Experience operating within a Fortune 100 or similarly complex enterprise and working across centralized security functions and federated business units. Familiarity with cloud platforms such as Azure, AWS, or GCP. Experience correlating vulnerability data with threat intelligence, exploit telemetry, or security event data. Experience with scripting or automation using Python, PowerShell, Bash, or similar languages. Experience integrating vulnerability tooling with SIEM, SOAR, CMDB, ITSM, asset inventory, or ticketing systems. Knowledge of patch management, change management, remediation governance, and container or cloud workload vulnerability assessment. Relevant certifications such as Security+, CySA+, GSEC, CISSP, or similar. Benefits Medical, dental, vision, health savings account or health reimbursement account, healthcare spending accounts, dependent care spending accounts, life and AD&D insurance, disability insurance; 401(k) with Company match, tuition reimbursement, charitable donation matching; Paid holidays and vacation, paid sick time, floating holidays, compassion and bereavement leaves, parental leave; Mental health & wellbeing programs, fitness programs, free and discounted games, and a variety of other voluntary benefit programs like supplemental life & disability, legal service, ID protection, rental insurance, and others; If the Company requires that you move geographic locations for the job, then you may also be eligible for relocation assistance. In the U.S., the standard base pay range for this role is $101,000.00 - $186,754.00 Annual. These values reflect the expected base pay range of new hires across all U.S. locations. Ultimately, your specific range and offer will be based on several factors, including relevant experience, performance, and work location. Your Talent Professional can share this role's range details for your local geography during the hiring process. In addition to a competitive base pay, employees in this role may be eligible for incentive compensation. Incentive compensation is not guaranteed. While we strive to provide competitive offers to successful candidates, new hire compensation is negotiable. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status, among other characteristics. #J-18808-Ljbffr Activision Publishing Inc.