Lead Threat & Vulnerability Management Engineer

Recruitment Fraud Alert

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.  

What to know:

• Commvault does not conduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com 

About Commvault 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

The Opportunity

Commvault is seeking a Lead Threat & Vulnerability Management Engineer to serve as a technical and strategic cornerstone of our Threat & Vulnerability Management program. Acting as a senior member of the team, you will mentor Vulnerability Management analysts/engineers, provide technical remediation guidance, and work cross-functionally to reduce risk across enterprise assets. The right candidate will be a self-starter who is comfortable working independently, rolling up their sleeves when needed, and using every available resource to improve processes, drive remediation, and advance the maturity of the program.

What you’ll do

• Act as the technical and operational lead for the Vulnerability Management program, setting standards and guiding best practices
• Mentor analysts through complex vulnerability analysis, prioritization, and remediation workflows

• Develop and maintain effective relationships with Engineering, IT and application development teams to ensure vulnerabilities are clearly understood, properly risk-assessed, and effectively remediated.

• Provide expert-level guidance on interpreting CVEs, CVSS, CISA KEV advisories, and vendor bulletins to assess exploitability and organizational impact.

• Monitor key performance indicator (KPI) metrics; track and report on performance; provide reporting to security management on performance.

• Automate repetitive tasks and data flows through scripts and integrations (e.g., Bash, Python, PowerShell, or API-based automation).
• Advocate for continuous improvement by identifying tooling, process, and training gaps, and taking the initiative to close them.
• Stay abreast of industry trends and changing threat landscape and review technologies/services and make recommendations to continuously improve our capabilities

Who you are

• 7+ years of Vulnerability Management or security operations experience, with demonstrated ownership of enterprise vulnerability workflows.

• Ability to respond to critical zero-day exploits, and incidents 24x7
• Demonstrated project management skills, specifically managing multiple, concurrent projects.

• Hands-on experience with vulnerability management tools (BitSight, Qualys, Rapid7, Tenable, Wiz, etc.).

• In-depth understanding of CVSS, CISA KEV, EPSS, and modern vulnerability prioritization methodologies.
• Hands-on experience across hybrid cloud environments (AWS, Azure, GCP) and with containerization (Docker, Kubernetes).
• Proven ability to mentor others and influence teams through technical expertise and effective communication.
• Experience supporting regulatory compliance initiatives (e.g., FedRAMP, PCI-DSS, SOC2) by implementing controls to address compliance requirements and providing evidence to auditors/regulators
• Strong scripting skills (Python, PowerShell, or equivalent) and familiarity with integrating security data into ticketing and reporting systems (Jira, ServiceNow).
• Exceptional communication skills — able to break down complex vulnerabilities for non-security stakeholders while retaining accuracy and context.
• Demonstrated self-direction and initiative in building solutions, improving operations, and championing collaboration across teams.

• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

• Relevant certifications such as CISSP, GCIH, OSCP, GPEN, CCSP are a plus
• SaaS & Security experience preferred.

 You’ll love working here because:

• Employee stock purchase plan (ESPP)
• Continuous professional development, product training, and career pathing
• Annual health check-ups, Car lease Program, and Tuition Reimbursement
• An inclusive company culture, an opportunity to join our Community Guilds
• Personal accident cover and Term life cover