Senior Security Engineer, AI Vulnerability Management

What you’ll do Set Strategic RBVM Vision: Act as the technical lighthouse, defining the multi-year roadmap and driving the move toward Risk-Based Vulnerability Management (RBVM), prioritizing vulnerabilities based on real-world exploitability and business context. Architect Agentic AI Systems: Design and deploy AI agents that autonomously triage findings, correlate threat intelligence, and generate production-ready remediations (e.g., automated Pull Requests for dependency updates and config drift). Build Exposure Intelligence: Develop systems that correlate vulnerabilities with runtime context and infrastructure topology (Kubernetes/AWS) to accurately model real-world blast radius and ensure engineers only fix what is actually exploitable. Automate Triage & Self-Healing: Create "paved roads" and CI/CD guardrails that prevent specific vulnerability categories from ever reaching production, reducing manual toil for the entire engineering organization. Data-Centric Visibility: Build high-fidelity dashboards using LLM-powered summarization to translate complex security signals into actionable insights for engineering leadership. Lead Emergency Response: Orchestrate the technical response to high-impact zero-days by rapidly performing cross-environment blast-radius analysis. Drive Execution Ownership: Take full ownership of operational security work, ensuring that critical vulnerabilities are systematically eradicated while maintaining high engineering velocity. What you bring Experience: 5+ years in Security Engineering with a track record of leading high-impact automation or security platform initiatives at a Senior or Staff level. AI & Agentic System Fluency: Hands-on experience building or deploying agentic systems or LLM orchestration frameworks (e.g., LangChain, AutoGPT) to solve complex security or engineering problems at scale. Bug Bounty & Exploit Proficiency: Active experience participating in or managing Bug Bounty programs; a deep understanding of how attackers exploit vulnerabilities and how to translate those findings into systemic fixes. Engineering Excellence: Strong software engineering background with proficiency in Go or Python and a history of building scalable, API-driven security tooling. Modern Infrastructure Depth: Deep knowledge of securing AWS and Kubernetes-based architectures. Vulnerability Domain Knowledge: High familiarity with vulnerability categories, exploitability, and modern risk frameworks (CVSS, EPSS, CISA KEV). Detection Ecosystems: Experience with modern platforms like Snyk, Semgrep, Wiz, EndorLabs, or TruffleHog. Velocity Mindset: A commitment to reducing security friction and a track record of working effectively with high-velocity engineering teams.