Director of Vulnerability and Exploits

Posted · Add Comment
Career Techniques Inc
Published
July 16, 2026
Location
Dallas, TX - Hybrid - 3 days/week in-office
Category
 
Job Type

Description

RESPONSIBILITIES

  • Lead and grow a team of vulnerability and exploit specialists across both vulnerability management and exploit research, establishing clear ownership, technical standards, research direction, and development paths.
  • Own the end-to-end vulnerability management program across full infrastructure footprint: asset coverage, continuous assessment, triage, risk-based prioritization, remediation tracking, and SLA enforcement.
  • Direct an exploit research function that goes beyond cataloging CVEs: reverse-engineer exploits and proof-of-concept code to understand true exploitability, build PoCs against the firm's own systems, and model adversarial scenarios relevant to HPC and AI environments.
  • Innovate how the program measures risk. Move beyond raw CVSS to context-aware models that account for exploitability (EPSS, KEV, weaponization signals), reachability, blast radius, and impact to production workloads, and validate those models against real findings.
  • Develop new approaches to prioritizing maintenance and remediation, framing patch and mitigation decisions around demonstrated exploitability and operational impact so engineering teams spend effort where it measurably reduces risk.
  • Build the research capability to understand vulnerability and exploit impact to production: how a given class of flaw behaves in specific stack, what compensating controls actually hold, and where standard guidance does not fit a bare-metal HPC environment.
  • Partner closely with Infrastructure, Platform Engineering, and Network teams to drive effective remediation and embed secure-by-default practices, giving engineers clear, well-contextualized, and actionable guidance.
  • Drive tooling strategy and investment for the function, evaluating and deploying vulnerability assessment, management, and exploit research platforms appropriate to scale, with a bias toward depth and customization over off-the-shelf reporting.
  • Develop and maintain program metrics, dashboards, and reporting cadences that give the VP of Security Operations clear visibility into exposure, remediation velocity, exploitability-weighted risk, and program maturity.
  • Stay ahead of the evolving vulnerability and exploit landscape, particularly across GPU clusters, HPC interconnects, firmware and BMC/DRAC, AI workloads, and the CI/CD and supply chain, and fold emerging threats into research and program priorities.
  • Collaborate with the Threat Intelligence, Incident Response, and Offensive Security teams so that vulnerability and exploit findings inform detection, response, and adversary modeling across the security organization.
  • Represent the Vulnerability and Exploits function in cross-functional security reviews, risk forums, and leadership briefings, communicating program status and risk posture with clarity and precision.

REQUIREMENTS

  • 8+ years of experience in vulnerability research, offensive security, or exploit development, with at least 3 years in a people management or team leadership role.
  • Deep, hands-on technical expertise in vulnerability analysis and exploit research: reverse engineering, proof-of-concept development, and understanding root cause and exploitability rather than consuming scanner output.
  • Strong command of vulnerability management at scale, including enterprise assessment platforms, CVSS and EPSS, KEV, and risk-based prioritization methodologies, with the judgment to know where those standards fall short and improve on them.
  • Demonstrated ability to innovate: developing new risk-measurement models, prioritization frameworks, or research methods, not just operating an existing program.
  • Experience securing large-scale infrastructure environments; familiarity with the vulnerability landscape of HPC, GPU clusters, high-speed interconnects, firmware, or AI workloads is a strong advantage.
  • Proven ability to build and lead high-performing technical teams, including hiring, mentoring, and developing practitioners across a range of seniority levels.
  • Strong cross-functional collaboration skills, with a track record of working with infrastructure and engineering teams to drive remediation outcomes and embed secure-by-default practices.
  • Experience defining and operating program metrics, SLAs, and executive reporting, with the ability to communicate risk posture clearly to technical and non-technical stakeholders.
  • Familiarity with vulnerability disclosure standards, the CVE process, and coordinated disclosure practices, and the ability to navigate them responsibly.
  • Analytical, structured, and inventive, able to run a broad program across many asset classes while retaining the technical depth to engage meaningfully with complex exploit research.
  • Bachelor’s degree in Engineering, Computer Science, or a related field, or equivalent experience
  • Max. file size: 100 MB.
  • Please complete the math question to prove you are human.

Related Jobs

VP of Security Operations   Dallas, TX - Hybrid - 3 days/week in-office new
July 16, 2026
Technical Account Manager (HPC, ML/AI)   Dallas, TX - Hybrid - 3 day/week in-office new
July 16, 2026
Technical Lead, Software Engineering   Melville, NY - Hybrid - 3 days/week in-office new
July 13, 2026
SDET   Melville, NY - Hybrid - 3 days/week in-office new
July 13, 2026
Technical Program Manager   Melville, NY - Hybrid - 3 days/week in-office new
July 13, 2026