Cybersecurity Lead - Risk & Vulnerability Mgt

New Haven, CT

Yale University

Yale University offers exciting opportunities for achievement and growth in New Haven, Connecticut. Conveniently located between Boston and New York, New Haven is the creative capital of Connecticut with cultural resources that include three major museums, a critically-acclaimed repertory theater, state-of-the-art concert hall, and world-renowned schools of Architecture, Art, Drama, and Music.


General Purpose: 

The Technical Lead - Risk and Vulnerability Management, reporting to the Director of Risk and Compliance, is responsible for the technical and operational requirements of continuous vulnerability management, the identification and assessment of information security risk, coordination with external stakeholders regarding remediation effectiveness and the coordination of day-to-day activities of the Risk team.


Additional responsibilities include:

  • Conducts network, system and application vulnerability assessments, using manual and automated tools, on University systems including UNIX/Linux, Windows, cloud services, virtualization environments, network devices, databases, applications, web servers and operational technology devices.
  • Conducts departmental and enterprise information technology risk assessments.
  • Trains and mentors Risk Team members on operational practices and information security topics.
  • Leads automation efforts in the detection, categorization, reporting and tracking of identified vulnerabilities.
  • Analyzes and reports on vulnerability trends to identify areas of prioritization based on risk.
  • Collaborates with engineering teams to understand vulnerability management needs and assist with remediation and mitigation strategies.
  • Provides verbal and written reports on vulnerability risk to executive, business and technical stakeholders.
  • Contributes to information technology vulnerability management and risk strategy.
  • Maintains current knowledge of the threat landscape including attacker tactics, techniques and procedures.


Required Education and Experience: 

Bachelor's Degree in a relevant technical field and a minimum of four years of related technical experience or an equivalent combination of education and experience.



  • Proven ability with vulnerability management tools such as Tenable Nessus, Qualys, Rapid7, Acunetix, ZAP, and BurpSuite.
  • In-depth knowledge of infrastructure and application security concepts and tools.
  • Scripting and/or programming skills.
  • Excellent verbal and written communication skills and the ability to communicate risk at varying levels of the organization.


Preferred Education and Experience:

  • Experience as a technical lead.
  • Experience with static and dynamic application security tools, techniques and procedures.
  • Experience with incident response and forensics.
  • Experience as a software developer.
  • Experience as a system or network administrator.
  • Experience with standard information security control and compliance frameworks.


Application: For more information and immediate consideration, please apply online at Please be sure to reference this website when applying for this position.


We invite you to discover the excitement, diversity, rewards and excellence of a career at Yale University. One of the country's great workplaces, Yale University offers exciting opportunities for meaningful accomplishment and true growth. Our benefits package is among the best anywhere, with a wide variety of insurance choices, liberal paid time off, fantastic family and educational benefits, a variety of retirement benefits, extensive recreational facilities, and much more.

Yale University considers applicants for employment without regard to and does not discriminate on the basis of an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin; nor does Yale discriminate on the basis of sexual orientation or gender identity or expression.

Posted: 03/29/2021