Security Solutions Principal - Threat and Vulnerability Management (TVM)
Role details
Job location
Tech stack
Job description
We strive to create an environment where all employees are empowered to succeed based on their skills, performance, and dedication. Our goal is to cultivate a culture of belonging that encourages innovation, collaboration, and respect for all team members, ensuring that WWT remains a great place to work for All!, The Principal Consultant is a senior advisory and delivery role responsible for helping large enterprises design, mature, operationalize, and continuously optimize their security investments. This role blends deep technical expertise with strategic consulting and hands-on execution to drive measurable risk reduction outcomes.
This role includes leadership in enterprise-scale threat and vulnerability management, remediation and patching strategy, processes, controls and supporting tools/technologies spanning infrastructure, networking, cloud, compute, and application layers, ensuring coordinated and risk-prioritized remediation across hybrid environments.
This consultant must bring proven experience analyzing, designing, enabling and operationalizing threat and exposure management programs in complex, large-scale enterprise environments, providing solutions that are well-designed, client-fit, scalable, and sustainable.
The role emphasizes threat-centric, scenario-based analysis that drives prioritized and actionable remediation, improving both the effectiveness and efficiency of client security operations.
The Principal Consultant serves as a trusted advisor to client security leadership, guiding risk-based vulnerability management, exposure validation, and threat-informed defense strategies aligned to business risk, cybersecurity trends, regulatory requirements, and operational realities.
The role also requires strong capabilities at executive level (i.e., CISO, CTO, CIO, COO, etc.) reporting and stakeholder communications, enabling leadership to make informed risk and investment decisions.
Key Domain Responsibilities
Threat & Vulnerability Management Strategy & Advisory
- Advise and oversee client projects on Threat & Vulnerability Management strategy, operating models, and multi-year maturity roadmaps
- Translate business and data risks into threat and vulnerability management priorities
- Align programs to frameworks (e.g., NIST, ISO, MITRE ATT&CK-informed approaches)
- Define governance models, roles, and RACI structures for exposure management that fit the client's culture
- Drive operationalization of CTEM strategies into repeatable, scalable enterprise processes
- Establish enterprise-wide remediation governance models across infrastructure, network, cloud, and application domains
Threat & Vulnerability Management
- Lead development and enablement of risk-based vulnerability management programs for clients at enterprise scale
- Design prioritization models incorporating threat intelligence, exploitability, and asset criticality
- Guide remediation and patch management strategies across:
- Infrastructure and operating systems
- Network devices and appliances
- Cloud platforms and services
- Compute workloads (VMs, containers, serverless)
- Enterprise and custom applications
- Advise on vulnerability SLAs, KPIs, and reporting structures tied to measurable outcomes
- Improve remediation effectiveness and efficiency across distributed IT and cloud environments through process & control improvements and use of tools/technologies
- Design exception management and risk acceptance frameworks with governance and rigor that are within a client's risk appetite and risk tolerance and that can withstand regulatory scrutiny
Threat-Centric Scenario-Based Analysis
- Conduct threat-centric and scenario-based exposure analysis to simulate realistic attack paths
- Use adversary-focused scenarios to identify control gaps and drive targeted remediation
- Translate threat scenarios into prioritized, actionable remediation plans
- Help clients focus on exposures that materially reduce real-world risk
Exposure Validation & Threat-Informed Defense
- Support implementation of exposure validation practices (e.g., attack path analysis, adversary emulation concepts)
- Integrate threat intelligence into prioritization and decision-making
- Help clients evolve from scan-centric to exposure-centric and threat-informed models
- Validate whether remediation actions meaningfully reduce attacker opportunities
Key Consulting & Advisory Responsibilities
Consulting & Advisory
- Proven consulting/advisory record of supporting clients in different industries in the TVM domain
- Ability to lead conversations with multiple client stakeholders to define and scope opportunities acting as a security solutions architect
- Polished skills for leading and developing service offerings, TVM thought leadership, proposals, and statement of work products
- Ability to develop, maintain and enhance TVM pipeline, forecasts/actuals, utilization and profitability
- Lead workshops, briefings, and roadmap sessions
- Mentor and train consultants and contribute to capability development
- Demonstrate credibility through both strategic insight and real-world execution experience
Executive Reporting & Stakeholder Engagement
- Design and deliver executive-level reporting frameworks that communicate:
- Risk posture and exposure trends
- Remediation progress and SLA performance
- Business impact and risk reduction metrics
- Threat-driven prioritization rationale
- Develop and deliver dashboards and narratives for CISO, CIO, and board-level audiences
- Translate technical findings into business-relevant risk insights, understanding a client's risk appetite and risk tolerance
- Enable data-driven security investment decisions
Program Design & Optimization
- Assess current-state maturity and define target-state operating models
- Develop processes for continuous discovery, prioritization, validation, and mobilization
- Recommend tooling strategies and integration patterns across VM, EDR, CNAPP, ASM, and SIEM ecosystems
- Optimize workflows between security, IT, DevOps, and cloud teams
- Identify automation opportunities to improve scale and consistency
Requirements
- 10+ years in cybersecurity with focus on threat and vulnerability management
- 7-10+ years in cybersecurity consulting/advisory
- Proven experience operationalizing enterprise-scale vulnerability and remediation programs
- Experience coordinating remediation across infrastructure, network, cloud, and application teams
- Strong understanding of attacker TTPs and threat-informed defense
- Experience with vulnerability scanning, prioritization, and remediation workflows
- Familiarity with CTEM and exposure management practices
- Experience presenting to executive and board-level stakeholders
- Consulting or advisory experience with demonstrated delivery impact, * Experience in financial services, healthcare, or regulated industries
- Knowledge of cloud and container security exposure management
- Familiarity with attack surface management
- Certifications such as CISSP, CISM, GIAC
- Experience with major VM platforms (Tenable, Qualys, Rapid7, Microsoft, etc.)
- Experience designing automation/orchestration for remediation workflows
- Experience building executive dashboards and reporting frameworks
Key Competencies
- Strategic thinking with execution discipline
- Threat-centric and risk-based decision making
- Executive communication and storytelling
- Program and operating model design
- Driving operational effectiveness and efficiency
- Cross-functional collaboration
- Mentorship and leadership
Benefits & conditions
Tuition reimbursement, Pet insurance, Military leave, Parental leave, 401(k) matching, Paid time off, Employee discount, Vision insurance, Certain states and localities require employers to post a reasonable estimate of salary range. A reasonable estimate of the current base pay range for this position is $180,000 to $200,000 annually. Actual salary will be based on a variety of factors, including shift, location, experience, skill set, performance, licensure and certification, and business needs. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in the base pay.
The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
- Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
- Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
- Paid Time Off: PTO and Sick Leave (starting at 20 days per year) & Holidays (10 per year), Parental Leave, Military Leave, Bereavement
- Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program
