Sr. Staff Vulnerability & AI Security Engineer (Hybrid)

Archer, San Jose, CA
9d | $182,500 - $240,900 | Hybrid

About The Position

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise. Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

Sr. Staff Vulnerability & AI Security Engineer (Hybrid - San Jose, CA)

Job Overview

We are seeking a Sr. Staff Vulnerability & AI Security Engineer to architect and lead Archer’s enterprise vulnerability management strategy while establishing technical, secure guardrails for AI adoption. Reporting directly to the CISO, you will serve as a technical principal and "player-coach," owning the end-to-end vulnerability lifecycle across cloud, endpoints, applications, and identity.

This is a high-influence, high-execution role. You will move between high-level strategy and deep-dive engineering, partnering with teams to drive measurable risk reduction through automation, rigorous prioritization, and disciplined remediation. You will operationalize modern approaches such as attack surface management and AI-assisted detection while ensuring our security posture meets the high bar of aerospace compliance (NIST SP 800-171, CMMC, ITAR).

Requirements

  • 8+ years of security engineering experience with a heavy focus on vulnerability management, AppSec, or cloud security.
  • Staff-Level Influence: Proven track record of leading complex, enterprise-wide security programs and driving technical change across diverse engineering organizations.
  • Cloud Depth: Strong hands-on experience in AWS, GCP, or Azure, specifically regarding identity, secure configuration, and automated telemetry.
  • Tooling Mastery: Deep expertise in the modern security stack (SAST/DAST/SCA, scanners, and automated ticketing workflows).
  • Regulatory Fluency: Practical understanding of how vulnerability evidence supports compliance in regulated environments (NIST SP 800-171, CMMC Level 2, ITAR).
  • Communication: Exceptional ability to translate a complex CVE into a business risk narrative for non-technical stakeholders.

Nice To Haves

  • AI Security Practitioner: Experience implementing technical enforcement (not just policy) for AI usage and data leakage prevention.
  • Automation Specialist: Experience building automated triage and enrichment workflows to reduce "security friction" for developers.
  • Aerospace/Defense Background: Prior experience in high-stakes, auditable environments where "checkbox security" isn't an option.

Responsibilities

  • Architect Enterprise Strategy: Design and own the end-to-end vulnerability management architecture—from discovery and coverage to automated validation and executive reporting.
  • Risk-Based Prioritization: Establish a sophisticated prioritization model that integrates asset criticality, threat intelligence, and exploitability to ensure engineering teams focus on the "critical few" over the "noisy many."
  • Technical AI Governance: Lead the technical implementation of AI security; design and deploy guardrails for GenAI usage, detect "Shadow AI," and build technical controls to prevent IP leakage into public LLMs.
  • Attack Surface Engineering: Partner with Cloud and Infrastructure teams to integrate CNAPP/CSPM findings and build automated workflows that reduce configuration-driven exposure in AWS/Azure.
  • Shift-Left Leadership: Drive DevSecOps excellence by embedding SAST/DAST/SCA and secrets scanning into CI/CD pipelines, preventing vulnerabilities from reaching production.
  • Metrics & Storytelling: Define and operationalize technical KPIs (MTTR, risk burn-down, coverage) that translate raw technical data into business risk for executive leadership.
  • Tactical Response: Lead high-severity vulnerability response efforts, providing technical validation, containment strategies, and verification of remediation.
  • Technical Mentorship: Act as a "multiplier" by setting engineering standards, mentoring security analysts, and leading cross-functional remediation initiatives through technical influence rather than just authority.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

501-1,000 employees
