Vulnerability Management, Manager

iHeartMedia

Current employees and contingent workers click here ( to apply and search by the Job Posting Title.

The audio revolution is here - and iHeart is leading it! iHeartMedia, the number one audio company in America , reaches 90% of Americans every month -- a monthly audience that's twice the size of any other audio company - almost three times the size of the largest TV network - and almost 4 times the size of the largest ad-supported music streaming service. In fact, we have:

• More #1 rated markets than the next two largest radio companies combined;

• We're the largest podcast publisher , with more monthly downloads than the second- and third-largest podcast publishers combined. Podcasting, the fastest-growing new media, today has more monthly users than streaming music services or Netflix;

• iHeart is the home of many of the country's most popular and trusted on-air personalities and podcast influencers , who build important connections with hundreds of communities across America;

• We create and produce some of the most popular and well-known branded live music events in America, including the iHeartRadio Music Festival, the iHeartRadio Music Awards, the iHeartCountry Festival, iHeartRadio Fiesta Latina and the iHeartRadio Jingle Ball Tour;

• iHeartRadio is the #1 streaming radio digital service in America;

• Our social media footprint is 7 times larger than the next largest audio service; and

• We have the only complete audio ad technology stack in the industry for all forms of audio , from on demand to broadcast radio, digital streaming radio and podcasting, which bring data, targeting and attribution to all forms of audio at an unparalleled scale. As a result, we're able to combine our strong leadership position in audience reach, usage and ad tech with powerful tools and insights for our sales organizations to help them build success for their clients at a more efficient cost than any other option.

Because we reach almost every community in America, we're committed to providing a range of programming that reflects the diversity of the many communities we serve - and our company reflects that same kind of diversity. Our company values stress collaboration, curiosity, welcoming dissent, accepting mistakes in the pursuit of new ideas, and respect for everyone.

Only one company in America has the #1 position in everything audio: iHeartMedia!

If you're excited about this role but don't feel your experience aligns perfectly with the job description, we encourage you to apply anyway. At iHeartMedia we are dedicated to building a diverse, inclusive, and authentic workplace and are looking for teammates passionate about what we do!

What We Need:

You will serve as a technical subject matter expert with a strong focus on vulnerability management and a secure developer mindset. Your responsibilities will include designing, defining, and implementing security requirements, controls, and processes to facilitate the secure development and operation of cloud-based and on-premises applications. You will conduct architecture analysis, threat modeling, vulnerability assessments, and technical design reviews for sensitive features and infrastructure to identify risk and guide development and engineering teams in improving the overall security posture of our products.

You will leverage your skills to develop process and automation for vulnerability detection, patch management, and remediation workflows. You will partner with application service teams to implement security standards, and guidelines, as well as educate developers on application and cloud security best practices. Additionally, you will help create, enhance, and maintain security documentation, providing guidance on vulnerability management processes, patching cycles, and zero-day response strategies.

You will evaluate and recommend new and emerging security products and technologies related to vulnerability management, patch management, and cloud security.

What You'll Do:

• Demonstrate leadership aptitude through mentoring and practice maturation.

• Work independently and collaboratively with various teams.

• Implement, onboard, and enforce vulnerability management tools and processes (including SAST, SCA, IaC, DAST, IAST) in cloud-based CI/CD pipelines.

• Coordinate software and cloud security initiatives with relevant teams.

• Conduct and build data flow diagrams & threat modeling with application and infrastructure teams.

• Manage manual and automated vulnerability management for priority issues, including zero-day vulnerabilities.

• Develop and maintain patch management processes and schedules.

• Assist in developing source code review and vulnerability management checklists.

• Advise developers and engineers on secure coding and vulnerability mitigation strategies for DevSecOps CI/CD pipelines.

• Secure code repositories, release environments, and deployment tools.

• Perform application, cloud, and mobile penetration testing.

• Lead vulnerability management projects and collaborate with vendors to assess, implement, and utilize new security tools.

What You'll Need:

• Analytical mindset for problem solving, vulnerability prioritization, and offensive security tactics.

• Effective communication skills, both verbal and written, to clearly convey technical and non-technical concepts to diverse audiences.

• Current experience in vulnerability assessment, security testing, and remediation methodologies (including browser-based, API, CI/CD pipeline, mobile, and cloud environments).

• Developer focus and mid-level knowledge of tools such as Terraform, Kubernetes, Serverless functions, Jenkins, and cloud platforms (AWS, Azure, GCP).

• Experience in secure architectural design review, threat modeling, and technical design reviews.

• Expertise in patch management, vulnerability prioritization (CVSS, risk-based approaches), and zero-day vulnerability response.

• Strong knowledge of CI/CD processes and security tools for each stage, including SAST, SCA, IaC, DAST, IAST, and application penetration testing.

• Hands-on experience with vulnerability exploitation and remediation in applications and cloud environments.

• Familiarity with repository management (GitHub, TFS, AWS, Azure) and vulnerability management platforms.

• Experience with manual and automated vulnerability management and resolution across multiple teams.

• Strong understanding of securing cloud-based resources, including containers and basic services in AWS, GCP, or Azure.

• Knowledge of configuration and information management analysis (XML, JSON, etc.).

• Solid grasp of security principles, policies, and industry best practices.

• Familiarity with standards such as OWASP, SAMM, ASVS, NIST Special Publications.

• Minimum of 5 years' experience in vulnerability management or application security.

• Minimum of 5 years' experience in software development.

• Minimum of 5 years' experience supporting security in CI/CD pipelines.

• Bachelor's Degree or 7 years developer experience with 3 years of vulnerability management or application security experience, or equivalent required.

• Certifications in Security, Kubernetes, Docker, AWS, or equivalent are a plus.

• Ability to stay focused and follow through on tasks in a timely manner.

What You'll Bring:

• Respect for others and a strong belief that others should do this in return

• Demonstrated initiative and achievement-oriented leadership

• Ability to manage several projects at a time

• Growth mindset and desire for continued knowledge sharing and learning

• Understanding of impact of your own decisions and decisions of your team

• Strong business insights that contribute to resolving complex problems

• Catalyst for new and innovative ideas

• Ability to identify and support new opportunities for continued improvement across business

• Ability to interact with individuals of all levels and maintain professional relationships

• Strong relationships with other leaders with the ability to manage external business partners where appropriate

Location:

San Antonio, TX: 20880 Stone Oak Parkway, 78258

Position Type:

Regular

Time Type:

Full time

Pay Type:

Salaried

Benefits:

iHeartMedia's benefits offering is flexible and offers a variety of choices to meet the diverse needs of our changing workforce, including the following:

• Employer sponsored medical, dental and vision with a variety of coverage options

• Company provided and supplemental life insurance

• Paid vacation and sick time

• Paid company holidays

• A Spirit day to encourage and allow our employees to more easily volunteer in their community

• A 401K plan

• Employee Assistance Program (EAP) at no cost - services include telephonic counseling sessions, consultation on legal and financial matters, emotional well-being, family and caregiving

• ?A range of additional voluntary programs, such as spending accounts, student loan refinancing, accident insurance and more!

We are accepting applications for this role on an ongoing basis.

The Company is an equal opportunity employer and will not tolerate discrimination in employment on the basis of race, color, age, sex, sexual orientation, gender identity or expression, religion, disability, ethnicity, national origin, marital status, protected veteran status, genetic information, or any other legally protected classification or status.

Non-Compete will be required for certain positions and as allowed by law.

Our organization participates in E-Verify. Click here ( to learn about E-Verify.

Are you passionate about media, entertainment, and making an impact through storytelling, innovation, and connection? If you're exploring new opportunities and want to be considered for future roles at iHeartMedia, we invite you to join our Talent Pool ( .

Visit iHeartMedia.com to learn more about us.

Please review our Privacy Policy ( and Terms of Use ( .