SVP, Vulnerability Management & Cloud Security Posture Platform Engineering

SVP, Vulnerability Management & Cloud Security Posture Platform Engineering

We're seeking a team member for the role of SVP, Vulnerability Management & Cloud Security Posture Platform Engineering to join our Cybersecurity Engineering Tools & Platforms team. This role is located in New York, NY; Pittsburgh, PA; or Washington, DC.

This is a high-impact, deeply technical individual contributor role focused on both running and engineering enterprise cybersecurity platforms that support vulnerability management, asset discovery, network and infrastructure scanning, cloud security posture management, cloud-native risk visibility, reporting, and remediation enablement.

This role fits in the intersection of hands-on platform operations, deployment and execution, troubleshooting, automation engineering, service ownership, and technical leadership.

In this role, you'll make an impact in the following ways:

• Own engineering and operational accountability for enterprise vulnerability management and cloud security posture management tooling.
• Run critical cybersecurity platforms day to day, including platform health, configuration, access, integrations, upgrades, onboarding, troubleshooting, vendor support, and production stability.
• Engineer platform improvements that increase reliability, scalability, coverage, automation, performance, data quality, and operational resilience.
• Manage platform configuration, tenant administration, access models, scanner and agent lifecycle, cloud connectors, onboarding standards, and service health.
• Support scanning across servers, endpoints, databases, network devices, appliances, cloud assets, containers, external-facing assets, and other enterprise technologies.
• Partner with network and infrastructure teams on scanner placement, network zones, routing, firewall rules, segmentation, latency, reachability, authenticated scanning, and scan troubleshooting.
• Drive asset discovery, inventory reconciliation, coverage reporting, ownership validation, and integration with CMDB and authoritative asset sources.
• Build and maintain automation, APIs, configuration management, dashboards, reporting workflows, and data pipeline integrations, including integrations that ingest asset, ownership, cloud, and configuration data from enterprise systems and publish vulnerability and posture data to downstream remediation, reporting, and risk platforms.
• Partner with vulnerability management teams to enable prioritization, remediation tracking, SLA governance, exception workflows, and major vulnerability response.
• Own platform monitoring, health checks, operational dashboards, incident response, vendor escalations, disaster recovery readiness, and business continuity procedures.
• Support SSO, RBAC, privileged access, service accounts, API tokens, access recertification, segregation of duties, audit evidence, and regulatory reporting.
• Troubleshoot complex issues across tools, agents, scanners, APIs, cloud connectors, networks, identity systems, data pipelines, vendor platforms, and downstream reporting consumers.
• Create dynamic engineering solutions using languages such as Python, Go, Java, or similar.
• Mentor engineers, improve runbooks and documentation, and raise the technical bar through hands-on platform expertise.

To be successful in this role, you bring:

• Hands-on experience running and engineering enterprise cybersecurity platforms, especially vulnerability management, scanning, asset discovery, cloud security posture, or cloud-native application protection platforms in large financial institutions.
• Strong operational discipline, including production support, incident response, change management, service health monitoring, vendor escalation, and lifecycle management.
• Strong engineering mindset, including automation, API integration, configuration management, repeatable deployment patterns, data quality improvement, and toil reduction.
• Strong understanding of vulnerability management operating models, including remediation tracking, SLA governance, exceptions, ownership validation, and major vulnerability response.
• Strong networking knowledge, including TCP/IP, routing, DNS, firewalls, proxies, load balancers, network segmentation, NAT, packet flows, latency, and reachability troubleshooting.
• Experience scanning and assessing diverse enterprise technologies, including servers, endpoints, network devices, databases, appliances, cloud assets, containers, and externally exposed systems.
• Knowledge of scanner architecture, agent health, network zones, scan routes, authenticated scanning, credential management, and scan troubleshooting.
• Experience with cloud environments, including AWS, Azure, and GCP, cloud connectors, IAM, APIs, and security control frameworks.
• Experience integrating cybersecurity platforms with CMDB, ticketing systems, reporting platforms, data pipelines, cloud platforms, vulnerability management systems, and enterprise dashboards.
• Strong understanding of access management, including SSO, MFA, RBAC, privileged access, service accounts, API tokens, and recertification.
• Programming and automation skills using Python, Go, Java, or similar.
• Ability to debug complex issues across platforms, agents, scanners, cloud connectors, APIs, data pipelines, identity systems, networks, firewalls, routing paths, and vendor services.
• Experience supporting audit, regulatory reporting, evidence retention, operational controls, and production change management.
• A mindset focused on automation, scalability, governance, resilience, and reducing operational friction.
• Experience with Kubernetes and container vulnerability management, including cluster visibility, container image assessment, runtime context, registry integrations, cloud-native asset inventory, and remediation workflows.

Preferred:

• Experience with the following tooling preferred: Qualys, Wiz.io, Lumeta, or similar vulnerability management, asset discovery, network visibility, and cloud security posture platforms.
• Experience operating or engineering cybersecurity platforms in FedRAMP-authorized or FedRAMP-aligned cloud environments.
• Familiarity with FedRAMP control expectations, evidence collection, vulnerability scanning requirements, continuous monitoring, access governance, and cloud security operations.

Success Profile

• Becomes a senior technical authority for both operating and engineering vulnerability management and cloud security posture tooling.
• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
• 10-12 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
• Keeps critical cybersecurity platforms stable, healthy, upgraded, monitored, documented, and supportable.
• Improves platform reliability, scan health, agent health, connector health, data quality, and operational visibility.
• Expands coverage across infrastructure, applications, business units, cloud accounts, containers, network devices, appliances, and external-facing assets.
• Enables reliable reporting, remediation tracking, SLA governance, audit evidence, and regulatory support.
• Reduces manual effort through automation, repeatable onboarding, self-service intake, standardized runbooks, and engineered controls.
• Strengthens access governance, platform controls, service ownership discipline, and production resilience.

This role is for someone who wants to run, own, and engineer the platforms that define cyber risk visibility across the enterprise. Day-to-day platform execution and long-term engineering decisions will directly impact security posture, vulnerability response, regulatory confidence, and operational resilience across BNY.