Senior Security Engineer, Vulnerability Management

CLEAR - Corporate
New York, NY
Onsite

About The Position

CLEAR is building THE secure identity company of the future. Our mission is to make experiences safer and easier—physically and digitally. With more than 38 million Members and a growing network of partners across the world, CLEAR's secure identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or throughout your everyday life, CLEAR unlocks the magic of frictionless experiences.

As a Senior Security Engineer, Vulnerability Management on our Product Security team, you’ll help run and evolve CLEAR’s vulnerability management program across cloud, infrastructure, endpoints, and applications. You’ll operate the tools that surface risk (like Wiz, Tenable, and GitHub), turn findings into clear, actionable work, and partner with engineering teams to drive down real-world risk, not just tickets.

Requirements

  • 6+ years of experience in security engineering, vulnerability management, or security operations, ideally in a cloud‑first or SaaS environment.
  • Hands‑on experience working with at least one modern vulnerability or exposure management stack (e.g., Wiz, Tenable, Rapid7, GHAS, or similar).
  • Understanding of end‑to‑end VM workflows: scanning, triage, risk scoring, ticketing, validation, and reporting.
  • Working knowledge of modern cloud and infrastructure patterns (AWS preferred), including how services, hosts, containers, and repos map to real teams and products.
  • Strong written and verbal communication skills; can explain vulnerabilities, risk tradeoffs, and SLAs to both deeply technical engineers and non‑technical stakeholders.
  • Experience supporting regulated environments (e.g., FedRAMP, PCI, SOC2) and preparing vulnerability‑related evidence for audits.

Responsibilities

  • Monitor and triage findings from Wiz, Tenable, GHAS, and other scanners, ensuring issues are routed to the right owners with the right context and priority.
  • Manage our centralized VM platform, which aggregates findings across Wiz, Tenable, GHAS, and other sources, and ensure consistent normalization, deduplication, and ownership mapping (e.g., by AWS tags, teams, or services) so we have a single, trustworthy view of risk.
  • Manage CLEAR’s risk scoring and SLA models (High/Critical, “Most Wanted” assets, etc.) within the VM platform and make sure we are tracking overdue findings, SLA adherence, backlog trends, and top risky assets/teams.
  • Work directly with code, cloud, and endpoint teams to clarify findings, group related issues, and translate scanner output into concrete remediation plans that fit their roadmaps.
  • Partner with engineering to get fixes shipped. Participate in regular triage / review sessions, help prioritize backlog items, and follow through to ensure high‑risk issues are validated and closed in the source tools (not just Jira).
  • Contribute to VM process and tool improvements with enhancements to connectors, data quality checks, scorecards, runbooks, and how‑to guides so vulnerability management processes are repeatable and easy to onboard to.

Benefits

  • comprehensive healthcare plans
  • family-building benefits (fertility and adoption/surrogacy support)
  • flexible time off
  • annual wellness stipend
  • free OneMedical memberships for you and your dependents
  • a CLEAR Plus membership
  • a 401(k) retirement plan with employer match