Vulnerability Management Specialist - Assistant Vice President

iCapital is looking for a AVP Engineer to join the Information Security team. This role will help establish and run Vulnerability and Exposure Management practices, build structured remediation processes, support application security activities, and continuously identify and reduce risk across iCapital technology. The ideal candidate is a hands-on individual contributor who can implement and improve processes, work directly with developers and drive remediation execution at scale.

• →Build and manage Vulnerability and Exposure Management processes, providing continuous monitoring, prioritisation, and resolution of vulnerabilities across the environment.
• →Implement and drive remediation of vulnerabilities and security weaknesses.
• →Collaborate with engineering teams to improve workflows, adopt best practices, and drive consistent remediation standards.
• →Build automation capabilities to ingest, track and report vulnerabilities and exposures.
• →Evolve and improve exposure management capabilities, including prioritization based on risk, attack paths, and business impact.
• →Build processes and automation capabilities for application security workflows, including SAST, SCA, secrets and API security in collaboration with developers.
• →Review and validate penetration testing findings and ensure effective remediation.
• →Work directly with developers to explain vulnerabilities, agree remediation approaches, and validate fixes.
• →Support threat modelling activities to identify risk earlier in the design phase.
• →Assist the SOC in improving detection and alerting capabilities based on identified vulnerabilities and exposures.
• →Develop workflows for vulnerability intake, triage, remediation tracking, and reporting across tools.
• →Assist Risk and Governance teams with policies, procedures, standards, and audit evidence.
• →Collaborate with cross-functional teams, including Engineering and Security, to deliver security improvements.

• Experience in Vulnerability Management, Exposure Management, or Application Security.
• Strong understanding of web and API security risks.
• Experience reviewing and validating penetration testing findings.
• Experience working with developers.
• Experience with scripting and automation, preferably Python.
• Experience with development workflows, systems engineering and modern CI/CD environments.
• Strong verbal and written communication skills.
• Able to influence stakeholders.
• Able to drive tasks to completion.

• Security certifications.
• Experience with GitLab or GitHub security features.
• Experience with Wiz, CSPM, CrowdStrike or code scanning tools (SAST, SCA, DAST).
• Experience with secure code reviews and threat modelling.
• Experience with API security and Burp Suite or similar testing tools.

We believe the best ideas and innovation happen when we are together. Employees in this role will work in the office four days, with the flexibility to work remotely one day (Friday).