Primary Tasks and Responsibilities:
• Assist in defining, driving, and delivering key elements of Truveta's vulnerability management strategy, deriving best practices for vulnerability and exposure analysis across the Company
• Establish regular and actionable vulnerability reports for review by Leadership and Engineers
• Collaborate and build relationships across Engineering teams, driving cross-functional alignment and clarity on vulnerability remediation requirements
• Establish vulnerability review processes, maintaining professional skepticism when reviewing for false positives and exception requests from Engineering teams
• Proactively engage Engineering teams to ensure timely remediation of vulnerabilities identified during application security assessments, cloud infrastructure vulnerability scans, and manual application security tests
• Ability to use automation tools to write orchestration playbooks to remediate configuration issues, apply patches, etc.
• Manage day-to-day operations of vulnerability identification and remediation at Truveta
• Be curious about Truveta's products and services and how cyber risks and vulnerabilities could impact operations
• Use prior experience to lead, mentor, and coach peers in effectively managing vulnerabilities
• Maintain current knowledge and understanding of application and infrastructure security best practices to offer the best solutions and protection to Company services
• Continuously review security and privacy practices
• Interact with privacy and compliance teams to deliver the Fabric of Trust that will be infused into all Truveta services
• Upkeep of vulnerability management security tooling
Key Qualifications:
• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security and Information Systems
• 5+ years of experience in managing vulnerabilities in a fast-paced, cloud-hosted environment
• Must have prior development experience with Python, .NET, and Java code languages
• Experience designing and managing a world-class vulnerability management program
• Excellent written and verbal skills
• Ability to be a self-starter and motivated to help Engineering teams understand cyber security best practices
• Advanced knowledge of SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools
• Experience creating and implementing strategies for complex systems
• Knowledge and experience with information security controls, infrastructure, and implementation techniques
Preferred Qualifications
• Experience in improving vulnerability remediation requirements
• Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations
• Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH
• Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)
• Experience in securely operating highly distributed systems with published SLAs
• Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2
Date Posted: 21 March 2025