Manager, Vulnerability Management
Company: Marriott Hotels Resorts
Location: Bethesda
Posted on: April 2, 2026
Job Description:
JOB SUMMARY

The Manager, Vulnerability Management, functions as a technical expert in vulnerability scanning and remediation tracking. The role will be responsible for identifying vulnerabilities through vulnerability scanning and ensuring remediation through assessment and reporting. The role will also maintain the evaluation process and identify areas for process improvement to ensure the inclusion of appropriate elements of quality and compliance with security policy and regulations. The role will help with enterprise vulnerability scanning and will be able to create and manage integrated assessments.

This role is for a technical expert who can monitor and assess vulnerability scanning data. It requires the ability to communicate with technical and non-technical stakeholders and to relay the importance of the vulnerability management activities, the risks presented by findings, and potential remediation actions. This role requires a working knowledge of security and network protocols, system and network administration, and configuration management.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification.
5 years of experience in information security that also includes background and knowledge of general security concepts such as defense in depth, least privilege, etc.
2 years’ experience with:
  Vulnerability scanning and assessment using Tenable VM or Tenable Security Center.
  Vulnerability assessment and reporting, including comprehensive understanding of Vulnerability Management methodologies and procedures, threat assessment, and remediation management.
Implementing, managing or using enterprise vulnerability assessment technologies, including Tenable.io, Tenable Security Center, or similar vulnerability solutions, is required.

Preferred:

Current information security certification, including Certified Information Systems Security Professional (CISSP), GIAC certification, or Certified Information Security Manager (CISM).
Technical leadership experience in sourced and contractor environments.
Experience managing or operating enterprise vulnerability management in a large commercial enterprise.
Experience working in a multi-cloud enterprise environment.
Ability to understand and manipulate large data sets to provide analysis and reporting.
Experience with workflow solutions, including ServiceNow and Jira.
Experience working on medium-to-large projects involving multiple teams in a technical lead role within an enterprise environment.
Experience with managing technical aspects of various controls frameworks, such as NIST Security and Privacy Controls and PCI-DSS.
Familiarity with attack and exploitation techniques involving operating systems, applications, and devices commonly seen in an enterprise environment.
Excellent communication skills and problem-solving ability.
Demonstrated ability to work independently and with others.
Technical infrastructure operations, administration, or engineering background.
Understanding of Agile workflow management, including sprints and Kanban.

CORE WORK ACTIVITIES

Provide technical leadership to the information vulnerability management process, including developing and managing remediation activities.
Identify, triage, and prioritize vulnerabilities and associated remediation and mitigation activity using multiple sources of vulnerability, threat, and asset data.
Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities for which complete remediation does not exist, on both individual assets and on multi-asset solutions and environments.
Use internal solutions to report on open vulnerabilities, remediation progress, remediation compliance, and vulnerability metrics for use by technical, management, and executive stakeholders.
Perform planned and ad-hoc vulnerability scanning, determine remediation options and track remediation to completion.
Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and resolution of security risk and incidents.
Assist in the direction of third-party vendors’ activities to include prioritizing work, developing processes to govern such activities, and reporting on the status, type, and effectiveness of those activities.
Create, maintain, and mature vulnerability management processes and related documentation.
Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders.
Work proactively with IT Infrastructure partners with respect to strategic and tactical plans for information security.
Educates internal and external users of security technologies to continually improve the knowledge and skill base of the organization on how best to manage security configuration, patch management and vulnerability management within the infrastructure services.
Participates in the evaluation and selection of security services products.
Promotes the benefits of security services to the organization and educates the team on security concepts.

Technical Leadership

Trains and/or mentors other team members and peers as appropriate.
Provides financial input on department or project budgets, capital expenditure or other cost/resource estimates as requested.
Identifies opportunities to enhance the service delivery processes.

IT Governance

Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed.
Maintains a proper balance between business and operational risk.
Follows the defined project management standards and processes.

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.
Keywords: Marriott Hotels Resorts, Rockville, Manager, Vulnerability Management, IT / Software / Systems, Bethesda, Maryland