Cybersecurity Vulnerability & Exposure Management Lead

Axalta

  • Philadelphia, PA
  • Permanent
  • Full-time
  • 1 day ago
JOB TITLE: Cybersecurity Vulnerability & Exposure Management Lead

Position Summary:

We are hiring an experienced candidate to lead the operation and advancement of our threat-informed, risk-based vulnerability and exposure management program. This role is responsible for measurable reduction of enterprise exposure by driving accountability with technology teams in vulnerability remediation and configuration hardening. The primary focus of the role revolves around driving high-fidelity visibility into enterprise exposure using a combination of approaches including agents, network scanning, and integration of telemetry from cloud, endpoint, and infrastructure platforms with a continuous focus on implementing actionable risk reduction. This is a strategic, high-impact position focused on delivering clarity, driving action, and sustaining program momentum across a complex global enterprise.

We are an equal opportunity employer and will not be offering visa sponsorship or relocation assistance for this role.

Key Responsibilities:
  • Lead the operation and continuous improvement of the enterprise vulnerability and exposure management program.
  • Leverage vulnerability management and configuration assessment technologies to evaluate infrastructure, cloud, and application risk.
  • Drive risk-based prioritization and remediation planning that incorporates KEV, EPSS, configuration hardening benchmarks, asset criticality, and business context.
  • Own assessment of emerging threats and critical vulnerabilities, partnering with GRC to document risk response, and with Security Architecture, Engineering & SOC to operationalize mitigation strategies.
  • Drive end-to-end visibility into vulnerability and configuration posture across endpoints, servers, network devices, and cloud assets by leveraging agent-based telemetry, authenticated scanning, and integration of data from external platforms via API integration.
  • Continuously assess asset coverage and data fidelity, identifying and closing gaps in visibility that impact exposure reporting and remediation effectiveness.
  • Develop and deliver strategic reporting, dashboards, and executive summaries for IT leadership.
  • Develop tactical and prioritized remediation plans for technology teams aligned with asset ownership, feasibility, and risk reduction focus.
  • Own exposure-related metrics, SLA tracking, and remediation accountability across technology teams and/or business owners.
  • Drive program execution using both internal resources and external services; ensure external support is integrated, efficient, and aligned with internal vulnerability and risk reduction objectives.
  • Build scalable workflows, governance, and exception handling models that integrate with existing IT processes.
  • Lead project and program execution for continuous improvement of the vulnerability lifecycle, hardening posture, and partner with GRC for integrated risk reporting.
Requirements:
  • Minimum 7 years of cybersecurity experience in a large, distributed environment with vulnerability management, exposure analysis, and technical risk remediation roles, including at least 3 years in a program lead capacity driving improved capability maturity.
  • Hands-on experience and deep understanding of operationalizing technical vulnerability management & security configuration hardening with tools including vulnerability scanners, CIS Benchmarks, and application security testing tools, with specific knowledge of the following preferred: Qualys VMDR; Policy Compliance for CIS Benchmark assessment per class of asset; Total AppSec for security testing of web applications and APIs.
  • Strong knowledge of risk-based prioritization mechanisms including KEV, EPSS, MITRE ATT&CK, and CIS Critical Controls.
  • Proficiency in reporting and data visualization using Word, Excel, PowerPoint and visualization platforms such as Power BI; able to distill technical exposure into concise, actionable business insights.
  • Experience managing or integrating telemetry from endpoint agents, network scanners, CMDBs, or cloud asset APIs.
  • Strong knowledge of and engineering experience with Windows, Linux, Databases, Web Applications, Cloud, DNS, PKI, and Encryption.
  • Minimum of 5 years' experience implementing security strategy and protecting assets in hybrid cloud and on-prem environments; experience with Azure, M365, and Entra/Azure AD preferred.
  • Proven ability to drive cross-functional accountability across IT, cloud, and application teams.
  • Exceptional communication skills, with the ability to translate technical security risk into business-relevant language for technical teams and IT leadership.
  • Demonstrated experience managing or integrating managed service providers as part of a vulnerability management program.
  • Strong project and program management capabilities, with excellent organizational, problem-solving, and stakeholder engagement skills; able to manage multiple initiatives, drive accountability, and influence cross-functional teams.
  • Proven ability to operate effectively in a matrixed environment by partnering with Security GRC and Security Engineering/Operations teams to align on risk response, hardening strategies, exception handling, and program execution.
Education & Certification:
  • Bachelor’s degree required in Information Technology, Computer Science, Cybersecurity, Computer Engineering, Security Risk Analysis, Information Security & Assurance or other relevant focus area.
  • Possess a minimum of one of the following certifications: CISSP, CISM, GSOM, GCCC, GCED, GPEN, ISSAP or ISSEP. If not currently certified, required to obtain certification(s) within the first 12 months of employment.
Our Company:

Axalta has remained at the forefront of the coatings industry by continually investing in innovative solutions. We engineer technologies that protect customers’ products – whether they are battling heat, light, corrosion, abrasion, moisture, or chemicals – and add dimension and beauty with colorful finishes. We have a vast and ever-evolving portfolio of brands primed to play an important part in everything from modernizing infrastructure around the world to enabling the next generation of electric and autonomous vehicles.

Axalta operates its business in two segments: Performance Coatings and Mobility Coatings, which serve four end markets, including Refinish, Industrial, Light Vehicle and Commercial Vehicle, across North America, EMEA, Latin America and Asia-Pacific. Our diverse global footprint allows us to deliver solutions in 140+ countries and coat 30 million vehicles per year. We’ve recently set an exciting 2040 carbon neutrality goal, in addition to 10 other sustainability initiatives, and we take pride in working with our customers to optimize their businesses and achieve their goals.

1.2 - First/Mid Level Officials and Managers (EEO-1 Job Categories-United States of America)
