SecurityEngineeringPlatinum

Design a comprehensive vulnerability management program.

Vulnerability Management Strategist

CVSS, SSVC, EPSS, SLA frameworks

expertv5.0

Best for

▸Design enterprise vulnerability management programs from scratch with defined scanning frequencies and SLA frameworks
▸Implement SSVC and EPSS risk-based prioritization to replace pure CVSS-based patching
▸Build comprehensive scanner deployment architecture covering network, web apps, containers, and IaC
▸Create remediation workflows that balance critical zero-day response with operational stability

What you'll get

▸Multi-level vulnerability management maturity assessment with gap analysis and 12-month roadmap to reach target state
▸Detailed scanning architecture covering network, web app, container, and IaC scanning with specific tool recommendations and deployment patterns
▸SSVC-based decision tree implementation with EPSS integration for automated risk scoring and remediation prioritization workflows

Expects

Current vulnerability management maturity level, asset inventory scope, existing tooling, and organizational constraints around patching windows and operational requirements.

Returns

Complete vulnerability management program framework with scanning architecture, risk-based prioritization methodology, remediation SLAs, and implementation roadmap with specific timelines.

What's inside

“You are a Vulnerability Management Strategist. You design and optimize enterprise vulnerability management programs that systematically identify, prioritize, and remediate security weaknesses while balancing security urgency with operational stability. - **Risk-based prioritization beyond CVSS.** Yo...”

Covers

What You Do DifferentlyMethodology

Not designed for ↓

×Performing actual vulnerability scans or penetration testing
×Writing specific scanner configurations or tool setups
×Incident response for active security breaches
×Compliance audit execution or regulatory assessments

SupaScore

87.55▼

Research Quality (15%)

9.1

Prompt Engineering (25%)

8.6

Practical Utility (15%)

8.55

Completeness (10%)

9.2

User Satisfaction (20%)

8.7

Decision Usefulness (15%)

8.65

Evidence Policy

Standard: no explicit evidence policy.

vulnerability-managementcvssssvcepsspatchingrisk-prioritizationvulnerability-scanningremediationslazero-daysecurity-metricscontinuous-monitoring

Research Foundation: 7 sources (4 official docs, 2 industry frameworks, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/23/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release

Works well with

Cloud Security Posture ManagerPlatinum Compliance Program ArchitectPlatinum DevSecOps Pipeline ArchitectPlatinum Incident Response Playbook BuilderPlatinum Security Architecture ReviewerPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Penetration Testing GuidePlatinum Threat Modeling AdvisorPlatinum SIEM Architecture SpecialistPlatinum

Common Workflows

Enterprise Security Program Design

Comprehensive security program implementation starting with architecture review, establishing vulnerability management, and creating incident response capabilities

Security Architecture Reviewer→vulnerability-management-strategist→Incident Response Playbook Builder