Staff Security Engineer – Vulnerability Management

About The Position

Requirements

• 8+ years of experience in cybersecurity or security engineering roles.
• Deep expertise in vulnerability management, security engineering, and modern infrastructure (cloud, containers, distributed systems).
• Strong programming/scripting skills (Python, Go, Java, or similar) with experience building automation at scale.
• Strong data mining and analytical capabilities with exceptional SQL skills; ability to query, transform, and analyze large security datasets to derive actionable insights and drive decision-making.
• Proven ability to operate with high ownership and deliver results independently.
• Strong understanding of systems, networking, identity, and security architecture.
• Ability to influence engineering teams and senior stakeholders with clear, outcome-oriented communication.

Nice To Haves

• Experience with vulnerability research, offensive security techniques, or threat modeling.
• Familiarity with attack surface management and exposure analysis at scale.
• Experience integrating security into CI/CD and DevSecOps practices.
• Working knowledge and applied experience with regulatory and control frameworks, including PCI and NYDFS, is a strong plus.
• Experience with SIEM, SOAR, and large-scale security data pipelines.
• Relevant security certifications (CISSP, OSCP, cloud security certifications) are a plus.

Responsibilities

• Own outcomes end-to-end with a strong sense of accountability; does not defer responsibility for gaps or failures.
• Drive work to closure with clear ownership of results, timelines, and quality.
• Proactively identify and address risks, gaps, and inefficiencies without waiting for direction.
• Maintain high standards of execution and hold self and others accountable to those standards.
• Establish and enforce strong operational discipline across services, including monitoring, alerting, and reliability.
• Ensure systems are observable, measurable, and consistently meet defined SLAs/SLOs.
• Drive improvements in availability, performance, and scalability through data-driven decisions.
• Reduce operational toil by simplifying systems, improving automation, and standardizing processes.
• Build and maintain durable pipelines and integrations across asset inventory, scanning, ticketing, and engineering workflows.
• Leverage advanced SQL and data mining techniques to analyze vulnerability, asset, and operational data; generate insights that drive prioritization, risk reduction, and system improvements.
• Apply a security-first engineering mindset from design through production and ongoing operations.
• Drive vulnerability research by analyzing systems, dependencies, and emerging threats to uncover exploitable weaknesses.
• Operate with an offensive security mindset, proactively identifying and validating real attack paths and risks.
• Lead and evolve attack surface and exposure management, maintaining continuous visibility into internal and external exposure across assets, services, and environments.
• Identify, prioritize, and reduce exposure through improvements in architecture, configuration, and implementation.
• Challenge assumptions and existing designs where risks are not adequately addressed, acting as a constructive disruptor.
• Integrate pragmatic, high-impact security improvements into engineering workflows without blocking delivery.
• Demonstrate a strong “learn and be curious” mindset to deeply understand systems, dependencies, and behaviors.
• Actively uncover service potential, hidden risks, scaling limits, and architectural gaps.
• Stay current with evolving technologies, threats, and engineering practices, applying insights to improve systems.
• Maintain urgency and consistently push for better outcomes, even under constraints.
• Follow through commitments with discipline and focus.
• Remove blockers, drive momentum, and ensure sustained progress across initiatives.
• Continuously raise the bar on quality, reliability, and security outcomes.
• Operate as a team player contributing daily alongside peers, including participation in on-call rotations.
• Provide advisory support to leadership while remaining grounded in execution and delivery.
• Influence without authority by setting a high bar for ownership, engineering rigor, and operational discipline.
• Mentor and elevate engineers through guidance, design reviews, and hands-on collaboration.
• Lead the full vulnerability lifecycle: discovery, validation, contextual risk analysis, prioritization, and remediation.
• Leverage threat intelligence and system context to distinguish true risk from noise.
• Drive automation across scanning, triage, remediation tracking, and reporting.
• Generate actionable insights that enable teams to reduce risk efficiently and measurably.
• Collaborate with infrastructure, cloud, DevOps, and product engineering teams to integrate security into delivery workflows.
• Partner with risk, governance, and incident response functions to ensure alignment on priorities and outcomes.
• Communicate clearly with technical and non-technical stakeholders on risk, trade-offs, and remediation strategies.

Benefits

• Competitive pay
• Benefits
• Flexibility to support your well-being and future
• Personalized development programs
• Mentorship
• Certification assistance