Zocdoc’s most important asset is our people and our platform. As a Senior Staff Engineer, Vulnerability Management, you’ll play a meaningful role in strengthening both by architecting and scaling our next-generation vulnerability detection and remediation ecosystem across Compliance, Security, and Engineering. In this role, you’ll help move our security posture from reactive firefighting to predictive, continuous risk reduction through intelligent automation, deeper full-stack visibility, and faster remediation across infrastructure, containers, and application code. You’ll enjoy this role if you are… Personally motivated by building secure, scalable systems that reduce real-world risk at scale. Autonomous, urgent, and creative, and you love turning noisy security findings into actionable engineering outcomes. Highly collaborative and energized by working across Security, Compliance, Engineering, and DevOps teams. Passionate about offensive security, adversarial validation, and understanding how theoretical vulnerabilities translate into operational exposure. A systems thinker who can connect infrastructure, application security, compliance, and automation into one cohesive program. The kind of person who enjoys pairing deep technical judgment with practical execution and measurable impact. Serious about your work, but not about yourself. Your day to day is… Owning the technical roadmap for an automated, AI-driven vulnerability scanning platform across cloud infrastructure, container registries, operating systems, and application-layer software. Building context-engine models that correlate findings from SAST, DAST, SCA, and cloud posture tooling to determine true runtime exploitability. Implementing AI-assisted triage workflows that classify vulnerabilities, reduce false positives, and route validated issues to the right engineering teams. Leading targeted red teaming and collaborative purple teaming exercises to validate exploitable paths and strengthen runtime defenses. Partnering directly with Software Engineering and DevOps to build automated remediation pipelines, including dependency update pull requests and base-image patching workflows. Engineering security scanning guardrails into CI/CD pipelines and providing structured telemetry to support continuous compliance and executive risk visibility. Working with cutting-edge GenAI tools and technology to analyze findings, improve prioritization, and accelerate remediation workflows.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed