Company Description
CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.
The Team:
Job Description
The Vulnerability Management Lead is responsible for leading and delivering day-to-day vulnerability management operations across infrastructure, applications, and cloud environments. This role combines hands-on technical execution with team leadership, ensuring vulnerabilities are accurately identified, prioritized, and remediated in alignment with business risk and regulatory expectations.
The Vulnerability Management Lead provides direct technical leadership to vulnerability analysts while partnering closely with Security Operations, IT, Engineering, and Application teams to drive remediation accountability and continuous improvement. Operating within a global delivery model, this role collaborates with U.S.-based Vulnerability Management leadership and serves as a key execution and escalation point to ensure consistency, scale, and resilience of the global vulnerability management program.
In addition to operational ownership, the Vulnerability Management Lead contributes to programming strategy, tooling optimization, automation, and analytics, ensuring the vulnerability management capability evolves alongside emerging threats, technologies, and regulatory requirements.
Roles and Responsibilities
- Provide direct technical leadership and day-to-day oversight to Vulnerability Management Analysts, ensuring timely, accurate, and risk-based vulnerability identification and remediation.
- Own and manage vulnerability management operations across infrastructure, applications, and cloud environments, including scanning, validation, prioritization, and remediation tracking.
- Serve as a key execution partner and escalation point for U.S.-based Vulnerability Management leadership, ensuring continuity of operations and alignment with global program objectives.
- Design, optimize, and maintain vulnerability scanning strategies, including scan schedules, asset inventories, tagging, authentication, and policy tuning to maximize coverage and reduce false positives.
- Translate large-scale vulnerability data into actionable risk intelligence through automated analytics, dashboards, and reporting aligned to business impact and risk tolerance.
- Drive risk-based prioritization of vulnerabilities using exploitability, threat intelligence, asset criticality, and compensating controls rather than CVSS scores alone.
- Partner with IT, infrastructure, cloud, and application owners to communicate findings, recommend remediation strategies, and influence timely risk reduction decisions.
- Track remediation progress, ownership, exceptions, and end-of-life risks, ensuring transparency and accountability across the enterprise.
- Develop, maintain, and continuously improve vulnerability management runbooks, playbooks, and workflows to ensure operational consistency, audit readiness, and scalability.
- Lead vulnerability assessments and support penetration testing activities, translating findings into prioritized remediation actions and validating risk reduction.
- Monitor emerging threats, zero-day vulnerabilities, and regulatory changes, integrating lessons learned into improved detection, prevention, and response processes.
- Promote automation, AI-assisted prioritization, and continuous improvement across vulnerability management workflows.
- Mentor and develop vulnerability analysts, strengthening technical depth, risk analysis capability, and stakeholder engagement skills.
- Provide advanced escalation support for complex vulnerability findings, tool issues, and remediation challenges.
- Work hours may vary, and the position may require alignment with U.S. time zones and availability during critical security events or remediation windows.
- Additional duties may be assigned as necessary to meet the ongoing needs of the organization.
Skills and Qualifications
Required:
- 9+ years of experience in cybersecurity, with a strong focus on vulnerability management, security operations, or risk-based security programs.
- Proven experience leading or acting as a technical lead for vulnerability management or security operations teams in a global enterprise environment.
- Hands-on experience with vulnerability management platforms such as Qualys VMDR, Tenable.io, or equivalent tools.
- Strong understanding of vulnerability lifecycle management across infrastructure, operating systems, applications, and cloud environments.
- Experience securing Linux and Windows operating systems across on-prem, hybrid, and cloud environments.
- Demonstrated ability to contextualize vulnerability data using threat intelligence, exploitability, asset criticality, and business risk.
- Experience partnering with IT, engineering, and application teams to drive remediation and risk acceptance decisions.
- Hands-on experience with scripting and automation (e.g., Bash, PowerShell, Python, REST APIs).
- Strong analytical skills with experience building dashboards, metrics, and executive-level reporting.
- Familiarity with security frameworks and standards such as NIST CSF, ISO 27001, and OWASP Top 10.
- Strong technical leadership, communication, and stakeholder management skills.
- Ability to support after-hours coordination or incident response activities as needed.
Preferred:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience.
- Security certifications such as Security+, SSCP, CCSP, CySA+, PenTest+, or Cloud+.
- Experience incorporating AI-assisted prioritization and analytics into vulnerability management processes.
- Familiarity with penetration testing methodologies and validation of remediation effectiveness.
- Experience operating within regulated environments and supporting audit evidence for vulnerability management controls.
- Background in cloud security across AWS, Azure, and GCP.
Shift Timing:
- Work hours may vary, and the position may require availability during off-business hours as dictated by project needs, system changes, or security events.
Qualifications
What We’re Looking For:
- Demonstrates a growth mindset by staying curious, continuously learning, embracing challenges, and improving themselves.
Additional Information
Don’t meet every single requirement? At Mattel, we are dedicated to an inclusive workplace and a culture of belonging. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or other roles.
How We Work:
We are a purpose-driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose by employing the following behaviors:
- We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities are our superpower.
- We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
- We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.
Our Approach to Flexible Work:
We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.
Who We Are:
Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in collaboration with the world’s leading retail and ecommerce companies. Since its founding in 1945, Mattel is proud to be a trusted partner in empowering generations to explore the wonder of childhood and reach their full potential.
Mattel’s award-winning workplace culture has been recognized by Forbes, Fast Company, Newsweek, Great Place to Work, TIME, and more.
Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.
Mattel is an Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers, and all applicants will receive consideration for employment.