Alkami is a leading cloud-based digital banking solutions provider for financial institutions in the United States that helps clients to transform through retail and business banking, digital account opening and loan origination, payment fraud prevention, and data analytics and engagement solutions. Alkami’s Mobile App Platform has been certified by J.D. Power for providing clients with “An Outstanding Mobile Banking Platform Experience.”
Founded in 2009, we continue to be recognized for our intentional culture and tremendous growth (Best Place to Work in Fintech; Best & Brightest to Work For Nationally; and Comparably’s Best Company Culture, Best Career Growth, Best Engineering Team, and Best Places to Work in Dallas, among others). Through our bold investments in technology and people, we empower our clients to grow confidently, adapt quickly, and build thriving digital banking communities through tailored experiences for over 19.5M users.
As a remote-first company, most of our positions can be remote in the US, except for key roles, which will be indicated in the Job Title.
Follow us on Glassdoor and Linkedin!
Alkami is hiring a Vulnerability Manager to lead and advance our enterprise vulnerability management program, ensuring the protection of Alkami and its clients through proactive risk reduction. This leader will be responsible for building and maturing a scalable vulnerability management discipline, driving continuous improvement through automation, metrics, and cross-functional alignment.The Vulnerability Manager will mentor and coach a team while remaining hands-on with tools, processes, and workflows. In this role, you will partner closely with Security Architecture, Security Engineering, IT, DevOps/SRE, and Compliance teams to ensure that vulnerabilities across infrastructure, applications, and cloud environments are identified, prioritized, and remediated effectively.
Alkami empowers its leaders for growth and success, and you will have representation in the Information Security Steering Committee as well as other strategic forums to advocate for risk-based remediation and secure-by-design practices.
Key Responsibilities & Duties:
The Vulnerability Manager will:
Guide and manage the enterprise vulnerability management lifecycle with a focus on maturing processes for scanning, triage, risk scoring, remediation tracking, and continuous improvement.
Optimize the vulnerability management platform and related tools, ensuring accurate, automated, and scalable coverage across infrastructure, applications, and cloud environments.
Develop and deliver meaningful metrics and executive reporting to drive accountability, measure progress, and inform leadership on risk posture.
Act as a thought leader in vulnerability risk management, influencing remediation strategies, prioritization decisions, and long-term technology lifecycle planning.
Lead and facilitate technical discussions and investigations to address critical vulnerabilities in a timely and effective manner.
Partner cross-functionally with IT, Engineering, and other teams to identify, track, and mitigate risks tied to end-of-life systems, unsupported technologies, and legacy microservices, ensuring proactive upgrade, re-platforming, or decommission strategies.
Manage CSPM tracking, providing visibility into cloud misconfigurations, over-permissioned identities, and cloud-native vulnerabilities, and driving remediation in partnership with other teams across the organization.
Qualifications:
Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
8+ years of experience in cybersecurity with at least 5 years focused on vulnerability management, risk management, or related security functions.
Hands-on expertise with vulnerability management platforms (e.g., Tenable, Qualys, Rapid7, Vulcan, Kenna).
Experience with cloud security tools (CSPM/CNAPP) such as Wiz, Prisma Cloud, or Orca.
Strong understanding of operating systems (Windows, Linux, macOS), networking, and cloud platforms (AWS, Azure, GCP).
Proven ability to track, prioritize, and mitigate risks tied to end-of-life technologies and legacy microservices.
Strong knowledge of vulnerability scoring frameworks (CVSS), patch management processes, and risk-based prioritization.
Excellent problem-solving, analytical, and communication skills with the ability to influence stakeholders at all levels.
Demonstrated ability to lead teams, manage competing priorities, and drive remediation in partnership with IT, Engineering, and Compliance.
Desired Skills:
Experience with container security and cloud-native environments (Docker, Kubernetes, serverless).
Knowledge of security frameworks and regulatory standards (NIST CSF, PCI DSS, SOC 2, ISO 27001).
Experience automating remediation workflows or integrating vulnerability data into ticketing systems (e.g., Jira, ServiceNow).
Background in threat modeling and risk assessment beyond patching.
Relevant certifications such as CISSP, CISM, OSCP, GIAC/GVMS, or cloud security certifications.
Not Just Any Company: Alkami has an awesome diverse and inclusive environment. We have a FUN culture and offer great benefits, including remote-first environment, unlimited paid time off, 401(k) with employer match, and more.
Work Authorization: We cannot offer employment sponsorship at this time. Candidates must be eligible to work in the US for full-time employment.
Recruiters: We are not looking for outside recruiting firms to help us in this search. Thank you for understanding.
Pay Transparency: As of January 1, 2023, new states and locales have enacted pay equity laws that require more pay transparency by employers in the following states: California, Colorado (effective January 1, 2021), Connecticut, Maryland, Nevada, New Jersey, New York, Ohio, Rhode Island and Washington.
The Important StuffAlkami Technology is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: Alkami is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Alkami are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Alkami will not tolerate discrimination or harassment based on any of these characteristics. Alkami encourages applicants of all ages.
#LI-REMOTE
J.D. Power 2024 Mobile App Platform Certification ProgramSM recognition is based on successful completion of an audit and exceeding a customer experience benchmark through a survey of recent servicing interactions. For more information, visit jdpower.com/awards.
Top Skills
Similar Jobs
What you need to know about the San Francisco Tech Scene
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
