Vulnerability Operations Engineer - Remote

About The Position

Requirements

• Individual contributor role
• AI-powered scanning
• AI coding agents
• Azure DevOps pipelines
• Code review and merge authority
• Static analysis
• Software composition analysis (SCA)
• Cloud posture assessments
• Reachability analysis
• Threat intelligence feeds
• CVE disclosures
• Coordinated disclosure programs
• Code patches
• Dependency upgrades
• Configuration changes
• Vulnerability management system
• SLA lifecycle
• VulnOps tooling
• Veracode
• Orca
• Claude Code
• Azure DevOps security integrations
• Automated remediation pipelines
• CI/CD workflows
• Secure coding practices
• Dependency management
• NIST CSF
• PCI DSS
• CJIS

Responsibilities

• Operate and continuously improve an AI-powered scanning pipeline across CentralSquare's first-party codebases, open-source dependencies, and infrastructure components
• Use Claude Code, Veracode, and Orca to conduct ongoing static analysis, software composition analysis (SCA), and cloud posture assessments
• Apply reachability analysis to distinguish genuinely exploitable vulnerabilities from theoretical findings, reducing alert fatigue and focusing remediation effort where risk is real
• Monitor threat intelligence feeds, CVE disclosures, and coordinated disclosure programs (including Project Glasswing patch releases) to identify newly disclosed vulnerabilities affecting CentralSquare's software supply chain
• Develop and validate fixes (code patches, dependency upgrades, configuration changes) using AI coding agents such as Claude Code, verifying resolution without regressions before submission
• Submit validated fixes as pull requests into owning teams' Azure DevOps repositories, with clear documentation of the vulnerability, risk context, and fix rationale to support efficient review and merge
• Collaborate with application and infrastructure teams during code review, providing technical context and responding to questions about proposed changes
• Own the end-to-end SLA lifecycle for all open findings, maintaining real-time tracking of detection, fix submission, and merge status in the vulnerability management system
• Proactively escalate findings approaching SLA breach with remediation options and risk context
• Produce regular reporting on pipeline health, SLA adherence, remediation velocity, and open risk posture for the security leadership team
• Own the configuration, tuning, and operational health of VulnOps tooling including Veracode, Orca, Claude Code, and Azure DevOps security integrations
• Identify and reduce false positive rates through policy tuning and reachability filtering, ensuring signal quality remains high as scan volume increases
• Contribute to the development of automated remediation pipelines, including AI-assisted fix generation integrated directly into CI/CD workflows
• Evaluate and recommend new tools and capabilities as the AI security tooling landscape evolves
• Work closely with application engineering, DevOps, and infrastructure teams to ensure fix delivery is efficient and minimally disruptive to development velocity
• Provide security guidance to engineering teams on secure coding practices and dependency management in the context of AI-accelerated vulnerability discovery
• Partner with the Risk and Compliance team to ensure vulnerability data and SLA metrics align with audit and regulatory reporting requirements (NIST CSF, PCI DSS, CJIS)
• Perform other duties as assigned

Benefits

• Tuition reimbursement
• Parental leave
• Paid volunteer hours
• Unlimited PTO
• Flexible work environment