You discover a high-severity security vulnerability affecting an internet-facing workload used by internal teams and client-serving operations. The issue appears in a cloud-hosted application integrated with identity, logging, and downstream policy systems, and there is pressure to move quickly because the exposure could affect sensitive business data. At the same time, the application owner is concerned that an aggressive fix could disrupt production workflows during a busy renewal period, and leadership wants a clear recommendation on whether to patch immediately, apply compensating controls, or temporarily restrict access. You need to coordinate security, infrastructure, application, and business stakeholders while balancing risk reduction, service continuity, and auditability.
Describe a time you identified and mitigated a security vulnerability. How did you assess the risk, align stakeholders, decide on the mitigation path, and execute the fix while protecting business operations?