Lead, Vulnerability Security Operations (VulnSecOps)

Job

Xerox Corporation

Norwalk, CT (In Person)

Full-Time

Posted 2 days ago (Updated 17 hours ago) • Actively hiring

Expires 6/9/2026


Job Description

Description & Requirements

About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we've expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today's global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com.

Xerox is seeking a Lead, Vulnerability Security Operations (VulnSecOps), reporting to the Head of Threat Detection, Response and Cyber Threat Intel, to build and lead a next-generation vulnerability operations capability across the enterprise. This role is critical to evolving Xerox's cybersecurity program from periodic, human-paced vulnerability management to a continuous, automated, and intelligence-driven operating model aligned to an increasingly dynamic and AI-accelerated threat landscape.

The Lead will establish and scale a global VulnSecOps function and team that integrates vulnerability discovery, prioritization, and remediation into a unified lifecycle across infrastructure, applications, cloud environments, and third-party ecosystems. This role will drive the adoption of AI-enabled capabilities to identify and remediate vulnerabilities at speed, while embedding security into engineering, platform, and IT operations workflows.

Success in this role requires strong executive presence, deep technical and operational credibility, and the ability to influence senior leadership across Engineering, Product, IT, Cloud Operations, and Security to drive shared accountability for vulnerability risk reduction.

Key Responsibilities

Vulnerability Security Operations Leadership
  • Define and execute Xerox's enterprise VulnSecOps strategy aligned with business priorities and evolving threat dynamics.
  • Establish a continuous vulnerability lifecycle model, transitioning from traditional scanning and ticketing approaches to automated discovery, prioritization, and remediation.
  • Drive integration of vulnerability management across security, engineering, and IT operations functions.
  • Establish clear measures of success, including reduction in exploitable exposure, time-to-remediation, and automation coverage.
  • Collaborate closely with Security leadership (Enterprise Security, Product Security, Cloud Security, GRC, Threat Detection & Response) and cross-functional partners (Engineering, Product, IT, Architecture) to ensure consistent and aligned risk management.

AI-Driven Discovery & Automation
  • Lead the deployment and operationalization of AI-driven vulnerability discovery capabilities across internal codebases, infrastructure, cloud, and third-party dependencies.
  • Drive the adoption of "point AI at our own environment" practices to proactively identify vulnerabilities before adversaries.
  • Establish automated remediation pipelines, including patch orchestration, configuration hardening, and AI-assisted code fixes.
  • Integrate vulnerability detection and remediation into CI/CD pipelines and platform engineering workflows.
  • Enable machine-speed detection, triage, and response capabilities across the vulnerability lifecycle.

Risk-Based Prioritization & Exposure Reduction
  • Establish a modern, risk-based vulnerability prioritization model that goes beyond CVSS to incorporate exploitability, exposure, and business impact.
  • Continuously assess and reduce enterprise attack surface across Core and non-Core IT environments and customer/product environments.
  • Ensure prioritization aligns to real-world threat intelligence and evolving attacker capabilities.
  • Drive reduction of high-risk vulnerability backlog and improve overall risk posture.

VulnOps Engineering & Platform Integration
  • Build and scale a vulnerability operations platform integrating:
      o Security tooling (SAST, DAST, SCA, EASM, cloud security)
      o AI-enabled capabilities to discover and remediate vulnerabilities
      o ITSM and patch management systems
      o CI/CD pipelines and developer workflows
      o Asset and configuration management systems
  • Partner with platform engineering teams to embed vulnerability remediation into standard operating processes.
  • Drive standardization and automation across patching, configuration management, and vulnerability response workflows.

Incident Readiness & Surge Response
  • Align vulnerability operations with incident detection and response to support rapid response to:
      o Zero-day vulnerabilities
      o Mass or several concurrent exploitation events
      o Supply chain vulnerabilities
  • Establish surge capacity models to handle high-volume vulnerability events and coordinated patching efforts.
  • Ensure playbooks and response mechanisms support simultaneous, high-severity vulnerability scenarios.

Metrics, Reporting & Executive Engagement
  • Define and track key performance indicators, including (but not limited to):
      o Mean time to remediate (MTTR)
      o % of vulnerabilities remediated within SLA
      o % of automated remediation
      o Reduction in exploitable exposure
  • Provide executive-level reporting on vulnerability risk posture, trends, and emerging threats.
  • Translate technical vulnerability risk into business impact to inform decision-making and prioritization.

What You Will Lead
  • A modern, enterprise-wide VulnSecOps capability operating at increasing levels of automation and speed.
  • A shift from reactive vulnerability management to continuous, proactive vulnerability operations.
  • Integration of AI-driven capabilities across vulnerability discovery, prioritization, and remediation.
  • A high-performing, globally distributed team aligned to reducing enterprise risk and improving resilience.

Minimum Qualifications
  • Bachelor's degree in Computer Science, Engineering, Information Security, or a related discipline.
  • 7 to 10 years of experience in cybersecurity, with depth in vulnerability management, application security, or security operations.
  • Experience in leading roles driving enterprise-scale security or engineering initiatives.
  • Strong experience with vulnerability management, patching strategies, and risk-based prioritization.
  • Experience building or operating automation-driven security or IT operations programs.
  • Demonstrated ability to influence cross-functional stakeholders across Engineering, IT, and Security.
  • Strong communication skills with the ability to translate technical risk into business impact.

Preferred Qualifications
  • Experience implementing AI/ML-driven security capabilities or automation in security operations, vulnerability management, or vulnerability remediation.
  • Familiarity with DevOps, CI/CD pipelines, and platform engineering models.
  • Experience with cloud-native environments and modern infrastructure (AWS, Azure, GCP).
  • Familiarity with NIST, ISO/IEC frameworks, OWASP, and software supply chain security practices.
  • Experience operating in highly matrixed, global organizations.
  • Demonstrated success building new security capabilities or transforming legacy programs.
