Vulnerability Manager

Keeper Security is hiring an experienced Vulnerability Manager to lead and mature our enterprise vulnerability management program. This is a 100% remote position, with an opportunity to work a hybrid schedule for candidates based in the El Dorado Hills, CA or Chicago, IL metro area.

Keeper's cybersecurity software is trusted by millions of people and thousands of organizations, globally. Keeper is published in 21 languages and is sold in over 120 countries. Join one of the fastest-growing cybersecurity companies and bring your IL5 DevOps expertise to mission-critical work.

About Keeper

Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper's zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at

About the Job

As the Vulnerability Manager, you will own the strategy, technology stack, and execution of Keeper's enterprise vulnerability management program. You'll lead initiatives that drive measurable risk reduction across Keeper's commercial and public-sector deployments by integrating vulnerability discovery, prioritization, and remediation into every layer of our operations. You will work cross-functionally with Engineering, DevOps, IT, and Security Operations to embed vulnerability awareness into product development and cloud operations, while ensuring compliance with industry frameworks such as FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST

Responsibilities

• Own Keeper's enterprise vulnerability management strategy, governance, and SLAs across all environments
• Build scalable processes for vulnerability discovery, risk scoring, and remediation across multi-cloud and SaaS infrastructure
• Manage vulnerability scanning and asset discovery tools (e.g., ) and ensure continuous coverage
• Correlate vulnerability data with threat intelligence and exploit activity to drive risk-based prioritization
• Partner with Engineering, DevOps, IT, and Cloud Operations to ensure timely remediation and SLA adherence
• Integrate vulnerability tracking and remediation into CI/CD and ticketing systems (e.g., Jira, ServiceNow, GitLab)
• Automate scanning, correlation, and reporting workflows using scripting and API integrations
• Develop dashboards and analytics to measure exposure trends and risk reduction progress
• Monitor zero-day vulnerabilities, CISA KEV bulletins, and exploit campaigns to guide proactive mitigation
• Ensure compliance alignment with frameworks such as FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST 800-53
• Communicate vulnerability insights and risk metrics to leadership and key stakeholders
• Mentor engineers and analysts, fostering a culture of precision, accountability, and continuous improvement
• Represent vulnerability management in executive briefings, audits, and public-sector engagements

• 7+ years of experience in vulnerability management, security engineering, or cyber risk management
• Proven success managing enterprise-scale vulnerability programs across SaaS and public-sector environments
• Deep expertise in vulnerability scanning, CVE/CVSS scoring, exploit analysis, and risk prioritization
• Strong understanding of cloud environments (AWS, GCP, Azure) and modern application stacks
• Demonstrated ability to communicate technical risk clearly to both executive and non-technical stakeholders
• Solid grasp of relevant compliance frameworks: NIST SP 800-53, CIS Controls, ISO 27001, SOC 2, FedRAMP, StateRAMP
• Excellent problem-solving, organizational, and cross-functional collaboration skills

Preferred Qualifications

• Certifications such as CISSP, CISM, OSCP, or GIAC GCVS/GCFA
• Experience with automation, scripting, and data analytics (Python, PowerShell, API integration, Splunk, or Elastic dashboards)
• Background in security architecture, red teaming, or exploit development
• Familiarity with vulnerability disclosure programs and coordination with bug bounty platforms
• Experience developing and presenting vulnerability metrics to senior leadership or board-level stakeholders
• Bachelor's degree in Cybersecurity, Computer Science, or a related field, or equivalent experience

• Medical, Dental & Vision (inclusive of domestic partnerships)
• Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
• Voluntary Short/Long Term Disability Insurance
• 401K (Roth/Traditional)
• A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
• Above market annual bonuses

Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Classification: Exempt