Senior Engineer - Vulnerability Management & DevSecOps

US-CO-Littleton


Req #: 93619
Type: Fulltime-Regular

EchoStar

Overview:

Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our team members play a vital role in connecting consumers with the products and platforms of tomorrow.

Responsibilities:

Candidates must be willing to participate in at least one in-person interview, which may include a live whiteboarding or technical assessment session. 

Key Responsibilities:

* Architect, implement, and manage automated security tooling (e.g., SAST, DAST, IaC, container scanning, AI Security) across the SDLC, integrating with developer environments, CI/CD pipelines, and production systems

* Lead and mature a comprehensive vulnerability management program, overseeing scanning, risk assessment, reporting, and remediation across applications, infrastructure, and third-party dependencies

* Partner with engineering and product teams to embed secure development practices from design through deployment, providing expert guidance and integration support

* Establish and refine vulnerability tracking and reporting processes, enabling rapid awareness, prioritization, and resolution of security issues through coordinated efforts across teams

* Develop security policies and guardrails as code for cloud environments (AWS, Azure, GCP), ensuring automated enforcement of secure configurations and practices

* Drive cross-functional collaboration with Dev, Ops, and InfoSec teams, providing mentorship, incident support, automation solutions, and reporting to strengthen the organization's security posture and culture

* Oversee execution of regular asset discovery and vulnerability assessment scanning, interpret results, create and distribute reporting, educate and guide stakeholders, and prioritize remediation efforts based on risk
* Provide expert guidance and integration support to empower asset owners to avoid risks and prevent risks from reaching production environments
* Lead incident response activities related to vulnerabilities and misconfigurations, assisting with root cause analysis and mitigating control implementation

Qualifications:
Education and Experience:
* Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree or security certifications (CISSP, CSSLP, GCSA, CCSP) preferred

* 5+ years of experience in DevSecOps and Vulnerability Management, with a strong record of technical leadership and program maturity

* Deep hands-on experience with application security tools (e.g., SCA, SAST, DAST, IaC, Secrets, Container Scanning, AI Security) and integration into development workflows (e.g., Snyk, Veracode, SonarQube, Prisma)

* Proficient in asset discovery and vulnerability scanning tools (e.g., Tenable, Rapid7, Palo Alto Cortex/Prisma/XSIAM/XSOAR), including report creation and dashboarding; XQL experience a plus

* Familiar with Docker, Kubernetes, and their security implications, as well as development and project management tools like Jira, Confluence, and ServiceNow

Skills and Qualifications:

* Skilled in scripting and automation, with strong proficiency in Python (required) and familiarity with Bash, PowerShell, Go, and JavaScript; experienced with CI/CD pipelines and tools like Jenkins, GitLab, GitHub Actions, and Azure DevOps

* Deep expertise in cloud and application security, including AWS, Azure, GCP, Terraform, OWASP Top 10/API Top 10, and vulnerability frameworks like SANS Top 25, KEV, and EPSS

* Proven ability to lead and execute in dynamic environments, managing projects, prioritizing tasks, and driving results with minimal direction

* Excellent communicator and collaborator, able to influence stakeholders and tailor messaging for both technical and non-technical audiences

* Continuously learning and highly adaptable, with a strong security mindset, curiosity, and a commitment to knowledge sharing, documentation, and organizational success
			