Role Overview

The VMDR Expert will be a senior technical authority responsible for the design, automation, and continuous improvement of Armis’ vulnerability management and detection capabilities.
This role bridges traditional vulnerability management with real-time detection and response — turning raw scan data, exploit intelligence, and asset context into actionable risk decisions.

You’ll collaborate closely with Cloud Security, Threat Intel, and Engineering teams to ensure vulnerabilities are identified, prioritized, and remediated in alignment with Armis’ global security strategy.

Key Responsibilities

• Lead and evolve Armis’ Vulnerability Management, Detection, and Response (VMDR) program across hybrid environments (cloud, SaaS, on-prem).
  
  
• Operate and optimize vulnerability detection tools (e.g., Tenable, Qualys, Rapid7, Wiz, Prisma Cloud, ServiceNow VR).
• Integrate vulnerability data with threat intelligence and detection pipelines for risk-based prioritization.
• Develop automated playbooks for vulnerability validation, alert correlation, and remediation tracking using Python, PowerShell, or REST APIs.
• Correlate vulnerability data with real-time detections (SIEM/SOAR) to improve exploitability insights.
• Create dashboards and KPIs for exposure trends, SLA adherence, and MTTR metrics in Splunk, Power BI, or Elastic.
• Partner with Security Engineering, CloudOps, and Product teams to ensure secure configuration and timely patching.
• Support incident response investigations where vulnerabilities are exploited or suspected.
• Maintain compliance alignment for ISO 27001, SOC 2, and FedRAMP control mappings.
  Author VMDR runbooks, response SOPs, and executive risk reports summarizing key exposures and trends.
  Participate in threat-hunting and red/blue team activities to validate vulnerability detection coverage.
  
  

Required Qualifications

• 6–10+ years of experience in Vulnerability Management, Threat Detection, or Security Engineering.
  Advanced knowledge of CVSS, EPSS, CISA KEV, CWE/CVE frameworks and scoring methodologies.
  Hands-on experience with enterprise-grade scanning, detection, and response tools (Tenable, Rapid7, Wiz, Prisma Cloud, ServiceNow VR).
• Experience building automation pipelines or integrations via API (Python, PowerShell, Bash, JSON).
• Familiarity with risk-based vulnerability management (RBVM) concepts and reporting models.
• Understanding of cloud security (AWS, GCP, Azure) and container environments (Docker, Kubernetes).
• Proven ability to collaborate across DevOps, Threat Intel, and Incident Response teams.
• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
  
  

Preferred Skills

• Prior experience in a SaaS or cybersecurity platform company.
• Familiarity with Armis Centrix™, asset intelligence, or attack surface management tools.
• Experience building or managing ServiceNow VR modules or similar vulnerability tracking workflows.
• Certifications such as CISSP, GCCC, CEH, CySA+, or GIAC GVP.
• Experience integrating vulnerability and detection telemetry into SIEM/SOAR workflows.

Salary range guidance for this position is: $157,000 - $200,000

The salary range listed does not include other forms of compensation or benefits (e.g. i.e. bonuses, commissions, stocks, health insurance benefits, etc.) offered to candidates. Visit our careers site for more information on benefits at Armis