Senior Vulnerability Management Engineer

What You’ll Do:

• Lead and manage the vulnerability management program, ensuring timely identification, assessment, and remediation of vulnerabilities.
• Conduct regular vulnerability assessments using tools such as Qualys, Veracode, Snyk, Prisma Cloud, Burp Suite, and BrightSec.
• Perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) services.
• Investigate Common Vulnerabilities and Exposures (CVE) to determine their impact on the organization and recommend appropriate mitigation strategies.
• Engage with stakeholders, including engineering teams, to communicate vulnerabilities, steps to reproduce, and provide mitigation support.
• Drive the security exception process and ensure compliance with internal security policies and standards.
• Collaborate with third-party penetration testers and act as a bridge between engineering teams and external testers to address technical gaps.
• Work with engineering teams to remediate vulnerabilities within defined Service Level Agreements (SLAs) to meet compliance requirements.
• Support the compliance team and work on improving internal security processes.
• Conduct occasional internal penetration tests to identify and address security weaknesses.
• Utilize centralized vulnerability management tools like DefectDojo for tracking and reporting vulnerabilities.
• Engage with product owners to understand enhancements and ensure the security scan scope is comprehensive.
• Investigate vulnerabilities reported by external security researchers, reproduce reported issues, and assist engineers in fixing them.
• Manage the security scorecard and help the organization maintain advanced scores.
• Keep the leadership team informed by sharing security scorecards and metrics.
• Introduce new security services and fine-tune current security processes.

What You’ll Bring:

• 5+ years of experience in information security, with a focus on vulnerability management.
• Proficient understanding of security attacks, including OWASP Top 10 and SANS Top 25.
• Hands-on experience with security tools such as Qualys, Veracode, Snyk, Prisma Cloud, Burp Suite, and BrightSec.
• Basic understanding of AWS cloud and experience working in cloud security is an added advantage.
• Strong analytical and problem-solving skills with the ability to investigate and assess the impact of vulnerabilities.
• Excellent communication skills to effectively engage with stakeholders and engineering teams.
• Experience in driving security exception processes and supporting compliance initiatives.
• Familiarity with centralized vulnerability management tools like DefectDojo.
• Ability to perform occasional internal penetration tests and support third-party pentesting efforts.