Senior Security Engineer, Vulnerability Automation
About The Position
This role is at the engineering heart of maturing Jane's vulnerability automation platform. The platform connects threat intelligence, AppSec findings, and Red Team outputs into automated protections and actionable remediation for dev teams. The team is close to a vision where a developer receives a draft, tested PR when a vulnerability is identified in their codebase, with only validated true positives shipped to their queues. The investigation, false positive filtering, and applicability assessment are the team's responsibility, not the dev teams'. The team experiments with AI constantly and shares learnings.
Requirements
- Demonstrated depth in security engineering, including shipped automation, pipelines, or internal security tooling that other teams actually used - with enough experience across the vulnerability lifecycle to know where the friction points are and how to engineer around them.
- Hands-on experience with Python and CI/CD security integrations, particularly GitHub Actions.
- A builder's mentality about AI - you experiment, you stay current, and you're energized by building smarter ways to solve problems. Active engagement with AI-assisted workflows and tooling is central to how this team operates and grows.
- Applied knowledge of web and API vulnerability classes - including how common attack vectors translate to real risk and how to provide remediation guidance tailored to the specific issue and team receiving it, rather than generic output from a scanner report.
- Familiarity with SAST, SCA, secret detection, DAST, and ASPM tooling is important.
- A track record of cross-team influence without authority - knowing how to read a room, adapt communication to your audience, and build the kind of credibility that makes engineers come to you proactively. Emotional intelligence is as important to us as technical skill, and it's a core part of how this team operates.
- A track record as a force multiplier - you've set technical direction that others have followed, mentored engineers at various levels, and shared your knowledge freely enough that the teams around you got meaningfully better because of it.
Nice To Haves
- Experience with mobile application vulnerabilities is a bonus.
Responsibilities
- Design, build, and own the vulnerability engineering pipeline - from threat intelligence ingestion through automated PR generation - establishing the technical architecture and standards that the rest of the team builds on as the platform matures.
- Raise the team's bar for building with AI by experimenting openly, sharing what works and what doesn't, and helping every member of the security team elevate how they work with AI-powered tooling.
- Partner deeply with dev teams across Jane to make security feel like a service, not a burden - doing the investigative work upfront, shipping only validated true positives, and following up on SLA gaps in ways that keep relationships strong.
- Coordinate complex, multi-team vulnerability findings by owning the communication, tracking resolution progress, and keeping things moving without needing to escalate every sticking point.
- Contribute to the team's on-call rotation, building and improving runbooks and post-incident reviews that make every response faster and sharper than the last.
Benefits
- Comprehensive benefits package
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
