Career Techniques Inc
Description
RESPONSIBILITIES
- Lead and grow a team of vulnerability and exploit specialists across both vulnerability management and exploit research, establishing clear ownership, technical standards, research direction, and development paths.
- Own the end-to-end vulnerability management program across full infrastructure footprint: asset coverage, continuous assessment, triage, risk-based prioritization, remediation tracking, and SLA enforcement.
- Direct an exploit research function that goes beyond cataloging CVEs: reverse-engineer exploits and proof-of-concept code to understand true exploitability, build PoCs against the firm's own systems, and model adversarial scenarios relevant to HPC and AI environments.
- Innovate how the program measures risk. Move beyond raw CVSS to context-aware models that account for exploitability (EPSS, KEV, weaponization signals), reachability, blast radius, and impact to production workloads, and validate those models against real findings.
- Develop new approaches to prioritizing maintenance and remediation, framing patch and mitigation decisions around demonstrated exploitability and operational impact so engineering teams spend effort where it measurably reduces risk.
- Build the research capability to understand vulnerability and exploit impact to production: how a given class of flaw behaves in specific stack, what compensating controls actually hold, and where standard guidance does not fit a bare-metal HPC environment.
- Partner closely with Infrastructure, Platform Engineering, and Network teams to drive effective remediation and embed secure-by-default practices, giving engineers clear, well-contextualized, and actionable guidance.
- Drive tooling strategy and investment for the function, evaluating and deploying vulnerability assessment, management, and exploit research platforms appropriate to scale, with a bias toward depth and customization over off-the-shelf reporting.
- Develop and maintain program metrics, dashboards, and reporting cadences that give the VP of Security Operations clear visibility into exposure, remediation velocity, exploitability-weighted risk, and program maturity.
- Stay ahead of the evolving vulnerability and exploit landscape, particularly across GPU clusters, HPC interconnects, firmware and BMC/DRAC, AI workloads, and the CI/CD and supply chain, and fold emerging threats into research and program priorities.
- Collaborate with the Threat Intelligence, Incident Response, and Offensive Security teams so that vulnerability and exploit findings inform detection, response, and adversary modeling across the security organization.
- Represent the Vulnerability and Exploits function in cross-functional security reviews, risk forums, and leadership briefings, communicating program status and risk posture with clarity and precision.
REQUIREMENTS
- 8+ years of experience in vulnerability research, offensive security, or exploit development, with at least 3 years in a people management or team leadership role.
- Deep, hands-on technical expertise in vulnerability analysis and exploit research: reverse engineering, proof-of-concept development, and understanding root cause and exploitability rather than consuming scanner output.
- Strong command of vulnerability management at scale, including enterprise assessment platforms, CVSS and EPSS, KEV, and risk-based prioritization methodologies, with the judgment to know where those standards fall short and improve on them.
- Demonstrated ability to innovate: developing new risk-measurement models, prioritization frameworks, or research methods, not just operating an existing program.
- Experience securing large-scale infrastructure environments; familiarity with the vulnerability landscape of HPC, GPU clusters, high-speed interconnects, firmware, or AI workloads is a strong advantage.
- Proven ability to build and lead high-performing technical teams, including hiring, mentoring, and developing practitioners across a range of seniority levels.
- Strong cross-functional collaboration skills, with a track record of working with infrastructure and engineering teams to drive remediation outcomes and embed secure-by-default practices.
- Experience defining and operating program metrics, SLAs, and executive reporting, with the ability to communicate risk posture clearly to technical and non-technical stakeholders.
- Familiarity with vulnerability disclosure standards, the CVE process, and coordinated disclosure practices, and the ability to navigate them responsibly.
- Analytical, structured, and inventive, able to run a broad program across many asset classes while retaining the technical depth to engage meaningfully with complex exploit research.
- Bachelor’s degree in Engineering, Computer Science, or a related field, or equivalent experience
