We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Cloudflare, Inc. jobs

Manager of Vulnerability Management

Cloudflare, Inc.
United States, California, San Francisco
101 Townsend Street (Show on map)
Jun 04, 2025
About Us

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine's Top Company Cultures list and ranked among the World's Most Innovative Companies by Fast Company.

We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team. We hire the best people based on an evaluation of their potential and support them throughout their time at Cloudflare. Come join us!

Available Locations: Lisbon, Portugal or London, UK

Cloudflare is seeking a highly motivated and experienced Manager of Vulnerability Management to lead our efforts in identifying, assessing, prioritising, and remediating security vulnerabilities across our technology landscape. This critical role will be responsible for developing, implementing, and maintaining a robust vulnerability management program that effectively reduces our organisation's risk exposure. The ideal candidate will possess strong technical expertise, excellent leadership skills, and a deep understanding of cybersecurity best practices.

Responsibilities:



  • Program Leadership and Strategy:


    • Develop, implement, and maintain the organisation's vulnerability management strategy, policies, standards, and procedures.
    • Define and track key performance indicators (KPIs) and metrics to measure the effectiveness of the vulnerability management program.
    • Stay abreast of the latest vulnerability trends, threats, and industry best practices.
    • Contribute to the overall cybersecurity strategy and risk management efforts of the organisation.


  • Vulnerability Identification and Assessment:


    • Oversee the regular execution of vulnerability scanning activities across various environments (e.g., network, applications, containers, cloud).
    • Manage and optimize vulnerability scanning tools and processes to ensure comprehensive and accurate identification of weaknesses.
    • Align with asset inventory and system categorisation for effective vulnerability scanning and management.


  • Vulnerability Analysis and Prioritisation:


    • Lead the analysis of vulnerability scan results.
    • Develop and implement a risk-based prioritisation framework for vulnerabilities based on severity, exploitability, asset criticality, and business impact.
    • Collaborate with relevant teams to understand the context and potential impact of identified vulnerabilities.


  • Remediation and Mitigation:


    • Work closely with engineering and other stakeholders to define remediation plans and timelines for identified vulnerabilities.
    • Track and monitor the progress of vulnerability remediation efforts, ensuring adherence to established SLAs.
    • Facilitate the development and implementation of mitigating controls when immediate remediation is not feasible.
    • Provide guidance and support to teams on vulnerability prevention and security best practices.


  • Reporting and Communication:


    • Develop and deliver clear and concise reports on vulnerability status, trends, remediation progress, and adherence to remediation SLAs to management and relevant stakeholders.
    • Communicate effectively with technical and non-technical audiences regarding vulnerability risks and remediation efforts.
    • Escalate critical vulnerabilities and remediation roadblocks in a timely manner.


  • Team Leadership and Development:


    • Build, mentor, and manage a high-performing vulnerability management team.
    • Assign tasks, set goals, and provide regular feedback and coaching to team members.
    • Foster a collaborative and knowledge-sharing environment within the team.
    • Support the professional development and training of team members.


  • Tooling and Automation:


    • Evaluate, select, and implement vulnerability management tools and technologies.
    • Drive automation efforts to streamline vulnerability scanning, analysis, and reporting processes.
    • Integrate vulnerability management tools with other security and engineering systems.


  • Compliance and Audit:


    • Ensure the vulnerability management program aligns with relevant regulatory requirements, industry standards, internal policies and control requirements.
    • Support internal and external audits related to vulnerability management practices.



Qualifications:



  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Experience in information security, with a significant focus on vulnerability management.
  • Proven experience in leading and managing vulnerability assessment and remediation efforts across diverse environments.
  • Strong understanding of common vulnerability scoring systems (e.g., CVSS) and risk assessment methodologies.
  • Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7 InsightVM) and Unified Vulnerability & Exposure Management tools (e.g. TruRisk, Brinqa, Nucleus)
  • Experience with static and runtime container scanning technologies.
  • Familiarity with application security testing tools and techniques (SAST/DAST).
  • Knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with technical and non-technical teams.
  • Proven ability to lead and motivate a team (if applicable).
  • Experience with scripting languages (e.g., Python) for automation.
  • Experience with threat intelligence platforms and integrating threat data into vulnerability prioritisation.

What Makes Cloudflare Special?

We're not just a highly ambitious, large-scale technology company. We're a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.

Project Galileo: Since 2014, we've equipped more than 2,400 journalism and civil society organizations in 111 countries with powerful tools to defend themselves against attacks that would otherwise censor their work, technology already used by Cloudflare's enterprise customers--at no cost.

Athenian Project: In 2017, we created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration. Since the project, we've provided services to more than 425 local government election websites in 33 states.

1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy-centric public DNS resolver. This is available publicly for everyone to use - it is the first consumer-focused service Cloudflare has ever released. Here's the deal - we don't store client IP addresses never, ever. We will continue to abide by our privacy commitment and ensure that no user data is sold to advertisers or used to target consumers.

Sound like something you'd like to be a part of? We'd love to hear from you!

This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Please note that any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.

Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.

Cloudflare provides reasonable accommodations to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job. Examples of reasonable accommodations include, but are not limited to, changing the application process, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you require a reasonable accommodation to apply for a job, please contact us via e-mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.

Applied = 0
MORE JOBS LIKE THIS

(web-696f97f645-6kfh8)