Security Manager (Vulnerability)
Remote - European Region
Remote | Full-time | Engineering
Job Description
CoinsPaid offers ready-to-use crypto payment solutions tailored to every business need. Standing at the forefront of mass adoption, our products help businesses gear up for the new era of digital assets. We have shown tremendous growth in transactions and volumes since 2019, and in 2023 we were marked by Forbes as the "Best Crypto Payment Gateway for High-Volume Transactions".
Headquartered in Estonia with 3 international hubs, we are still a remote-first company with employees working from 30+ countries around the world. At CoinsPaid, we are passionate about crypto and fintech, and we are putting great effort into building a team that will get the world ready for everyday crypto use. If this feels close to you, give us a shout!
We are looking for a skilled and strategic Vulnerability Manager to lead and evolve our organization-wide vulnerability management program. This role is pivotal in maturing our security posture by embedding proactive risk mitigation practices into our infrastructure, development, and operational workflows.
You will have full ownership of the vulnerability management strategy, tooling, and governance model across diverse technical environments including cloud, containers, workstations, infrastructure, and applications. As the program scales, you’ll have the opportunity to grow and mentor a team, drive automation and orchestration initiatives, and ensure that security is a foundational element of our technology ecosystem.
If you're passionate about building efficient, measurable, and risk-driven vulnerability management functions that align with modern DevSecOps practices and regulatory standards - we want to hear from you!
Responsibilities:
- Lead the vulnerability management program end-to-end: strategy, governance, tooling, and process development
- Develop and implement a risk-based methodology for vulnerability discovery and prioritization, considering threat intelligence and business impact
- Oversee vulnerability detection and remediation across all environments: infrastructure, cloud, containers, workstations, and applications
- Manage deployment, tuning, and optimization of scanning tools (e.g., Tenable, Qualys, Rapid7, OpenVAS)
- Drive continuous improvement through automation and integration with IT and security ecosystems
- Define, track, and report KPIs/metrics to assess program effectiveness and maturity
- Work closely with DevOps, IT, and product teams to embed security into CI/CD pipelines and design secure-by-default systems
- Ensure alignment with security frameworks and compliance standards (e.g., ISO 27001, PCI DSS, SOC 2)
- Represent the vulnerability management function during audits, executive reviews, and cross-functional security governance forums
- Establish SLAs and exception handling processes for vulnerability remediation across business units
- Act as a subject matter expert to guide teams on remediation strategies and secure architecture decisions
- Collaborate with threat intelligence and engineering teams to contextualize and prioritize vulnerabilities
- Maintain dashboards and reporting for executive stakeholders to communicate vulnerability trends and risk exposure
- Evaluate and introduce new technologies that enhance detection, prioritization, and remediation capabilities
Requirements:
- 5+ years of experience in cybersecurity, including 2+ years in a leadership or senior role focused on vulnerability management
- Deep understanding of vulnerability lifecycle management, risk prioritization, and remediation workflows
- Proven experience building or scaling vulnerability programs in complex, distributed environments (including cloud and hybrid infrastructures)
- Strong cross-functional collaboration skills, with the ability to influence and partner with IT, engineering, and executive stakeholders
- Hands-on experience with vulnerability scanning tools and ticketing/reporting systems (e.g., Tenable, Qualys, ServiceNow, Jira)
- Familiarity with standards and frameworks such as CVSSv3, EPSS, OWASP, NIST, MITRE ATT&CK, and emerging threat models
- Professional-level English and Russian communication skills (B1-C1 or higher), including documentation, reporting, and executive briefings
First seen: February 6, 2026
Last updated: February 24, 2026