Job Description:

The Manger for Total Vulnerability Management (TVM) serves as the enterprise lead for identifying, assessing, prioritizing, and remediating security vulnerabilities across all data center and cloud hosted environments supporting the development, delivery, and hosting of insurance software. Reporting directly to the Director of Cybersecurity for Insurance Software, this is a supervisory role responsible for developing and executing a comprehensive vulnerability management strategy that aligns with the organization’s risk appetite, policies, standards, and regulatory requirements. The Manager for TVM oversees the full lifecycle of vulnerability and patch management including asset and vulnerability discovery, patching, mitigation, and remediation prioritization, as well as metric reporting to executive leadership and responding to internal and external audits. This position partners closely with infrastructure, application, and delivery teams to ensure timely remediation, while driving continuous improvement of processes, tooling, and automation to reduce the organization’s attack surface.

Required:

• Minimum of 5–8 years of professional security experience, with at least 3 years focused on vulnerability management.
• Hands-on experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, Wiz, Prisma Cloud).
• Strong understanding of cloud environments (AWS, Azure, GCP) and SaaS-specific security concerns.
• Experience managing vulnerabilities across containers and serverless architectures.
• Familiarity with application security testing (SAST, DAST, penetration testing coordination).
• Proficiency with threat intelligence sources and mapping vulnerabilities to real-world risk.
• Knowledge of patch management processes and integration with IT/DevOps workflows (CI/CD).
• Understanding of network security fundamentals, including firewalls, IDS/IPS, and endpoint security.
• Proven ability to work with cross-functional teams (engineering, DevOps, compliance, product) to drive remediation.
• Familiarity with regulatory and compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR).
• Strong background in risk assessment and prioritization, translating technical findings into business impact.
• Experience in developing and reporting metrics and KPIs for vulnerability management.
• Familiarity with automation and scripting (Python, PowerShell, Bash) to streamline vulnerability workflows.
• Knowledge of NIST, MITRE ATT&CK, CVSS scoring, and industry standards for vulnerability classification.
• Demonstrated ability to manage a team of security professionals.
• Excellent communication and presentation skills for executive-level reporting.

Preferred:

• CISSP, CISM, CISA, OSCP, or GIAC certifications (e.g., GSEC, GCIH, GMON) demonstrating advanced security expertise.
• Background in DevSecOps practices and embedding vulnerability management into CI/CD pipelines.
• Experience with infrastructure-as-code (IaC) scanning (Terraform, CloudFormation).
• Familiarity with software composition analysis (SCA) tools for open-source dependency management.
• Knowledge of zero-trust security principles and modern enterprise architecture security.
• Exposure to forensics and reverse engineering for advanced vulnerability analysis.
• Experience working in a SaaS company.
• Strong knowledge of emerging security trends, such as AI-driven threats and supply chain security.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

If you are an applicant from the United States, Guam, or Puerto Rico

DXC Technology Company (DXC) is an Equal Opportunity employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, pregnancy, veteran status, genetic information, citizenship status, or any other basis prohibited by law. View postings below .

We participate in E-Verify. In addition to the posters already identified, DXC provides access to prospective employees for the Federal Minimum Wage Poster, Federal Polygraph Protection Act Poster as well as any state or locality specific applicant posters. To access the postings in the link below, select your state to view all applicable federal, state and locality postings. Postings are available in English, and in Spanish, where required. View postings below.

Postings Link

Disability Accommodations

If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, you may request a reasonable accommodation by contacting us via email.

Please note: DXC will respond only to requests for accommodations due to a disability.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.