Vulnerability Management and Security Engineering Vice President

Responsibilities

• Vulnerability Management (Hands‑On Execution) – Conduct regular vulnerability assessments of all systems, applications, and infrastructure. Execute vulnerability scans using tools such as Nessus, Qualys, or Rapid7, perform or coordinate penetration testing and security assessments. Analyze vulnerability data and issue actionable remediation, mitigation, or risk‑acceptance recommendations calibrated to the firm’s risk profile. Drive remediation directly with engineering, infrastructure, and application teams, tracking findings from discovery through to validated closure. Validate all remediations to confirm findings are fully resolved. Develop and maintain meaningful vulnerability metrics and dashboards for senior leadership, incorporating risk‑based scoring, SLA adherence, and trend analysis. Work with cross‑functional teams to embed vulnerability management considerations into the design, development, and testing of new systems and applications. Coordinate with external vendors and partners to optimize detection quality, validate findings, and improve remediation workflows.
• Program Management & Governance – Develop and maintain security policies, procedures, and standards aligned to industry best practices (NIST, CIS, ISO) and PJT policy requirements. Support audit evidence collection and manage remediation timelines for compliance‑related findings. Communicate security risks and program status to management and stakeholders; provide clear, prioritized recommendations. Understand and effectively balance risk versus business operability in all remediation decisions. Provide leadership and mentorship to junior security team members; manage and direct external teams as needed.
• Engineering Support – Maintain the vulnerability management platform infrastructure, including scanner and agent configuration, and integration with downstream ticketing and reporting systems. In support of the overall PJT security program, assist with project work on security infrastructure, including SIEM, EDR, and related tooling – contributing engineering effort as priorities require.
• Incident Response – Serve as a critical incident response resource, providing coverage during hours when the primary SOC team may not be available. Triaging and responding to critical‑severity incidents, escalating appropriately, and ensuring continuity of response without gaps.

Qualifications

• Education & Experience: Bachelor’s degree in Computer Science, Information Security, or a related field. 7–10+ years of experience in information security with a strong focus on vulnerability management, secure design review, patch operations, and incident response. Demonstrated experience running a hands‑on vulnerability management program – not solely in an oversight or program management capacity. Experience providing incident response coverage, including participation in on‑call rotations or extended‑hours response.
• Technical Skills: Proficiency with vulnerability management platforms such as Nessus, Qualys, or Rapid7; ability to operate these tools directly. Knowledge of cloud security posture management (CSPM) platforms such as Wiz or Microsoft Defender for Cloud, and exposure management workflows. Strong technical skills in vulnerability scanning, patch management, and network security protocols. Working knowledge of operating systems (Windows, Linux) and web application security. Familiarity with SIEM tools for alert triage and incident investigation. Scripting and automation skills in PowerShell or Python; experience with workflow tools such as ServiceNow or JIRA. Working knowledge of security frameworks including NIST CSF, CIS Controls, and ISO 27001. Understanding of incident response frameworks (e.g., NIST SP 800‑61, PICERL) and how vulnerability management integrates into the IR lifecycle.
• Soft Skills & Availability: Excellent communication and interpersonal skills; able to convey complex security issues to both technical and non‑technical audiences. Strong leadership and mentorship abilities; demonstrated experience managing cross‑functional teams and external consultants. Ability to work independently, manage competing priorities, and adapt to rapidly shifting demands. Willingness and ability to provide extended‑hours incident response coverage as required by the role, including off‑hours and weekend on‑call responsibilities.

Compensation: Expected annualized base salary of $150,000 – $175,000, with a discretionary bonus component. Base salary is one component of the PJT Partners compensation structure.

Equal Opportunity Employer: PJT is an equal opportunity employer. We do not discriminate on the basis of race, color, religious creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, medical condition, genetic information or predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other category protected by law. PJT Partners complies with all applicable laws with regard to providing reasonable accommodation of disabilities to applicants. Please contact Human Resources for more information or to request an accommodation.