Senior Vulnerability Engineer

About The Position

Requirements

• 5–8+ years of experience in vulnerability management, security engineering, or related technical roles
• Strong hands-on experience with vulnerability scanning tools, CVE/CVSS scoring, and exploit analysis
• Experience building automation using Python, PowerShell, or similar scripting languages
• Experience working with APIs and integrating security tools into engineering workflows
• Strong understanding of cloud platforms, including AWS, GCP, and Azure, as well as modern application architectures
• Experience embedding security into CI/CD pipelines and developer workflows
• Ability to troubleshoot vulnerabilities across system, network, and application layers
• Hands-on experience with penetration testing, red teaming, or bug bounty programs, including triage and validation of findings
• Working knowledge of compliance frameworks such as NIST SP 800-53, CIS Controls, ISO 27001, and SOC 2

Nice To Haves

• Certifications such as OSCP, GIAC, CISSP, or similar
• Experience with data analytics and visualization tools such as Splunk or Elastic
• Background in offensive security, red teaming, or exploit development
• Experience working with bug bounty platforms and external researcher communities
• Experience with asset inventory platforms, CMDBs, or cloud-native security tooling
• Experience building internal security tools or security platforms
• Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent practical experience

Responsibilities

• Design and implement scalable vulnerability scanning and asset discovery solutions across multi-cloud and SaaS environments
• Engineer and maintain integrations between vulnerability management tools and internal systems, including CI/CD platforms, ticketing systems, and source control tools
• Automate vulnerability ingestion, enrichment, prioritization, and remediation workflows using APIs and scripting
• Develop risk-based prioritization models by correlating vulnerability data with threat intelligence and exploit activity
• Build and maintain pipelines to integrate vulnerability scanning into CI/CD processes
• Create dashboards and analytics to track vulnerability exposure, remediation SLAs, and risk trends
• Continuously improve coverage and accuracy of asset inventory and scanning capabilities
• Monitor and respond to zero-day vulnerabilities, CISA KEV bulletins, and active exploit campaigns
• Partner with Engineering and DevOps teams to troubleshoot and remediate vulnerabilities in applications and infrastructure
• Contribute to secure architecture and hardening efforts across cloud and application environments
• Support compliance requirements, including FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST SP 800-53, through technical implementation and evidence generation
• Document systems, workflows, and automation for repeatability and scale
• Support the execution of red team exercises, penetration tests, and bug bounty programs in alignment with real-world threat scenarios
• Coordinate and validate findings from internal and external testing activities, ensuring accuracy, severity calibration, and reproducibility
• Integrate offensive security findings into vulnerability management workflows to drive prioritized remediation
• Partner with external vendors and researchers to triage submissions and improve signal quality in bug bounty programs
• Continuously improve testing methodologies, coverage, and tooling to reflect evolving attack techniques
• Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses

Benefits

• Medical, Dental & Vision (inclusive of domestic partnerships)
• Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
• Voluntary Short/Long Term Disability Insurance
• 401K (Roth/Traditional)
• A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
• Above market annual bonuses