Deckers

Lead Vulnerability Management Security Engineer

US - California Remote Full time

At Deckers Brands, Together, Every Step is a promise kept that every employee can bring their authentic self, is valued and supported, as a whole person, at work and beyond. Together, Every Step is how we continue to deliver exceptional business results, experience an amazing place to work, and have a positive impact on the communities and world around us. 

Job Title: Vulnerability Management Security Engineer

Reports to: Dir, Security Engineering


Location: United States (Remote)

Interested applicants must reside in one of the following approved states: Arizona, California, Colorado, Indiana, Massachusetts, Minnesota, New York, Oregon, Pennsylvania, Texas, Utah, Washington.

The Role

As Lead Vulnerability Management Security Engineer, you will architect the global strategic vision for Deckers Brands' security posture, moving beyond tactical scanning to build a high-maturity, risk-based vulnerability management lifecycle. You’ll serve as a pivotal bridge between technical Infrastructure Operations and cross-functional business leadership, quantifying and mitigating systemic risk. Your mission is to shift the organization from reactive patching to a proactive governance model, implementing advanced prioritization frameworks that balance rapid business innovation with rigorous security stability. By driving the adoption of next-generation automation and orchestration tools, you will ensure that critical assets remain resilient against an evolving global threat landscape while directly influencing the security culture of a growing multi-brand enterprise.

We celebrate diversity--of your background, your experiences and your unique identity. We are committed to ensuring an inclusive and equitable workplace where all of our employees can Come as They Are. We believe that when we bring our different perspectives to work, we are truly Better Together.

Your Impact

  • Architect and lead the end-to-end vulnerability management lifecycle, ensuring alignment with global security frameworks such as NIST, ISO 27001/2, and CIS Top 20
  • Lead high-level risk discussions with business and technical stakeholders to transform raw vulnerability data into prioritized, actionable remediation roadmaps
  • Serve as a trusted security advisor to infrastructure and application teams, fostering a culture of shared accountability for security debt and remediation
  • Design and maintain a comprehensive security metrics program using BI tools (e.g., Tableau) to communicate program effectiveness and residual risk to executive leadership
  • Drive the strategic selection, integration, and optimization of advanced security technologies to ensure a future-ready defense against emerging threats
  • Spearhead the use of Python, PowerShell, and API integrations (with tools like CrowdStrike) to automate repetitive workflows and improve the Mean Time to Remediate (MTTR)
  • Own the development and continuous improvement of cybersecurity policies and standards, ensuring they reflect current global threat intelligence and regulatory requirements
  • Perform complex, risk-based assessments of both on-premises and cloud-native services to ensure consistent security controls across a hybrid environment
  • Build and present compelling technical and business cases for security investments, securing buy-in for initiatives that mitigate critical enterprise vulnerabilities

Who You Are

  • BA/BS degree, or equivalent experience
  • Security professional certification, such as Global Information Assurance Certifications, Certified Information Systems Security Professional (CISSP), Certified Vulnerability Assessor (CVA), GIAC Enterprise Vulnerability Assessor (GEVA), or other similar credentials, is desired
  • Demonstrated success in architecting, implementing, and scaling enterprise-grade vulnerability management programs from the ground up
  • 7+ years of extensive experience in security vulnerability management, including sophisticated scanning methodologies, risk-based assessment, and complex remediation orchestration
  • Advanced hands-on experience with industry-leading vulnerability management platforms and their integration into the broader security stack
  • Deep understanding of mapping vulnerability remediation to regulatory frameworks and standards such as PCI-DSS, HIPAA, SOC2, and GDPR
  • Proven ability to author and enforce enterprise security policies, standards, and SLAs that drive measurable risk reduction
  • Expert-level skill in developing and presenting high-fidelity security metrics and KPIs to influence executive-level decision-making
  • Advanced knowledge of current and emerging threat vectors, exploit techniques, and the ability to pivot strategies based on the evolving global landscape
  • Strong background in aligning vulnerability data with Incident Response (IR) and Threat Hunting workflows to accelerate containment and recovery
  • Experience serving as a technical lead on large-scale infrastructure and cloud security initiatives, ensuring "secure-by-default" configurations
  • Proficiency with vulnerability management tools (e.g., Tenable, CrowdStrike) and scripting/automation languages (e.g., PowerShell, Python)
  • In-depth understanding of security frameworks and standards (NIST, ISO 27001/2, CIS Top 20 Controls)
  • Strong knowledge of compliance standards and regulatory requirements (e.g., PCI-DSS)
  • Ability to analyze complex vulnerability data to identify patterns, trends, and actionable insights
  • Risk-based assessment capabilities to prioritize and address critical vulnerabilities effectively
  • Strong verbal and written communication skills for reporting and stakeholder engagement
  • Proven ability to collaborate with cross-functional teams, serving as a trusted advisor
  • Ability to identify gaps in security measures and propose effective solutions
  • Strategic mindset for building business cases and influencing security tool adoption
  • Self-driven with the ability to manage and update cybersecurity policies and standards independently
  • Strategic thinking to contribute to the advancement of the cybersecurity program

What We'll Give You

  • Competitive Pay and Bonuses - We’ve created a variety of competitive compensation programs to foster career development, reward success and to show our employees just how much they’re valued.
  • Financial Planning and wellbeing - No matter what financial goals our employees have set, we want to help them get there. Our plans provide powerful ways to protect income, pay for expenses and invest in the future.
  • Time away from work - Sometimes we need time away to be with family, focus on our health or just simply recharge. Our plans support our employees’ needs to get out, get healthy and come back stronger than ever.
  • Extras, discounts and perks - Being a valued member of the Deckers Brands team means more than just a paycheck. From generous discounts to community-based programs, we offer a variety of cool extras.
  • Growth and Development - Deckers Brands was built on the idea of pursuing passion. That’s why we offer extensive opportunities and support for personal and professional development.
  • Health and Wellness - There’s nothing basic about our comprehensive health and wellness programs and offerings. While at work and at play, we aim to support a healthy lifestyle.

$145,000 - $155,000

The salary range posted reflects the minimum and maximum target for new hire salaries for this role in our Goleta, CA location. Individual pay will be determined by location and additional factors, including job related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary for your preferred location during the hiring process.


Equal Employment Opportunity
Diversity and inclusion are key to our success. We are proud to be an equal opportunity employer, and our employees are people with different strengths, experiences and backgrounds who share a passion for our brands. We welcome qualified applicants regardless of their race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, military or veteran status, mental or physical disability, medical condition and all the other beautiful parts of your identity.