• Manager, Vulnerability Management

    Marriott (Bethesda, MD)


    Additional Information

    **Job Number** 25173306

    **Job Category** Information Technology

    **Location** Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States, 20814VIEW ON MAP (https://www.google.com/maps?q=Marriott%20International%20HQ%2C%207750%20Wisconsin%20Avenue%2C%20Bethesda%2C%20Maryland%2C%20United%20States%2C%2020814)

    **Schedule** Full Time

    **Located Remotely?** Y

    **Position Type** Management

    **Pay Range:** $84,900-$142,900 Annually

    **Bonus Eligible:** Y

    **Expiration Date:** 11/25/2025

    JOB SUMMARY

    The Manager, Vulnerability Management functions as a technical expert in the area of vulnerability scanning and remediation tracking. The role will be responsible for identifying vulnerabilities through vulnerability scanning, and ensuring remediation through assessment and reporting. The role will also maintain the evaluation process, identify areas for process improvement to assure the inclusion of appropriate elements of quality and compliance with security policy and regulations. The role will provide assistance with enterprise vulnerability scanning and will be able to create and manage integrated assessments. This role is for a technical expert who can monitor and assess vulnerability scanning data. It requires the ability to communicate with technical and non-technical stakeholders, relay the importance of the vulnerability management activities, the risks presented by findings, and potential remediation actions. This role requires a working knowledge of security and network protocols, system and network administration, and configuration management.

    CANDIDATE PROFILE

    Education and Experience

    Required:

    Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification.

     

    5+ years of information security experience that also includes background and knowledge of general security concepts such as defense in-depth, least privilege, etc.

    2+ years’ experience with:

    Vulnerability scanning and assessment using Tenable.io.

     

    Vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures, threat assessment, and remediation management.

     

    Implementing, managing or using enterprise vulnerability assessment technologies, including Tenable.io, Tenable Security Center, or similar vulnerability solutions, is required.

    Preferred:

    Current information security certification, including Certified Information Systems Security Professional (CISSP), GIAC certification, or Certified Information Security Manager (CISM).

     

    Technical leadership experience in both, sourced and contractor, environments.

     

    Experience managing or operating enterprise vulnerability management in a large commercial enterprise.

     

    Experience working in a multi-cloud enterprise environment.

     

    Ability to understand and manipulate large data sets to provide analysis and reporting.

     

    Experience working on medium to large projects involving multiple teams in a technical lead role within an enterprise environment.

     

    Experience with managing technical aspects of various controls frameworks, such as NIST Security and Privacy Controls and PCI-DSS.

     

    Experience managing or operating enterprise vulnerability management in a large commercial enterprise.

     

    Familiarity with attack and exploitation techniques involving operating systems, applications, and devices commonly seen in an enterprise environment.

     

    Excellent communication skills and problem solving ability.

     

    Demonstrated ability to work independently and with others.

     

    Technical infrastructure operations, administration, or engineering background.

    CORE WORK ACTIVITIES

    Provide technical leadership to the information vulnerability management process, including developing and managing remediation activities.

     

    Identify, triage, and prioritize vulnerabilities and associated remediation and mitigation activity using multiple sources of vulnerability, threat, and asset data.

     

    Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities for which complete remediation does not exist, on both individual assets and on multi-asset solutions and environments.

     

    Use internal solutions to report on open vulnerabilities, remediation progress, remediation compliance, and vulnerability metrics for use by technical, management, and executive stakeholders.

     

    Perform planned and ad-hoc vulnerability scanning, determine remediation options and track remediation to completion.

     

    Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and resolution of security risk and incidents.

     

    Assist in the direction of third-party vendors activities to include prioritizing work, developing processes to govern such activities, and reporting on the status, type, and effectiveness of those activities.

     

    Create, maintain, and mature vulnerability management processes and associated documentation.

     

    Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders

     

    Work proactively with IT Infrastructure partners with respect to strategic and tactical plans for information security.

     

    Educates internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to manage security configuration, patch management and vulnerability management within the infrastructure services.

     

    Participates in the evaluation and selection of security services products.

     

    Promotes the benefits of security services to the organization and educates the team on security concepts.

     

     

    Technical Leadership

     

    Trains and/or mentors other team members, and peers as appropriate

     

    Provides financial input on department or project budgets, capital expenditures or other cost/resource estimates as requested

     

    Identifies opportunities to enhance the service delivery processes

     

    IT Governance

     

    Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed

     

    Maintains a proper balance between business and operational risk

     

    Follows the defined project management standards and processes

     

    _At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law._

     

    All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others. Click here (https://life.marriott.com/wp-content/uploads/2025/09/benefitsoverviewp\_2025edits\_8.19.25.pdf) to learn more.

     

    Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.

     

    **Washington Applicants Only** : Employees will accrue paid sick leave, 0.077 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually.

     

    Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

     

    Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. **Be** where you can do your best work,​ **begin** your purpose, **belong** to an amazing global​ team, and **become** the best version of you.