Senior Vulnerability Management Engineer
Job description
TL;DR
Senior Vulnerability Management Engineer: Leading the enterprise vulnerability management program with an emphasis on automation, cloud infrastructure security, and on-premises systems. Focus on architecting and implementing vulnerability scanning and remediation processes, driving security improvements across complex environments.
Location: Hybrid in Foster City, CA
Salary: $190,000 - $228,000 a year
Company
is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market.
What you will do
- Lead the vulnerability management program across the enterprise, including on-premises infrastructure, applications, containers, and cloud environments.
- Architect, develop, and maintain automation pipelines to integrate vulnerability scanners with cloud APIs, asset inventory, and orchestration tools.
- Serve as a subject matter expert for identifying, assessing, and remediating vulnerabilities specific to both cloud and on-premises services and configurations.
- Refine the risk-based prioritization methodology, ensuring the highest severity and most exploitable vulnerabilities are addressed first.
- Evaluate, deploy, configure, and maintain advanced vulnerability scanning platforms, ensuring optimal coverage, accuracy, and integration across the hybrid environment.
- Define, track, and present advanced security metrics and management-level reports on the overall vulnerability posture, remediation trends, and program effectiveness.
Requirements
- 7+ years of experience in Information Security, with at least 3 years dedicated to a senior/lead role in Vulnerability Management.
- High-level proficiency in scripting for developing security automation, API integration, data manipulation, and building custom security and reporting tools.
- Deep, hands-on experience securing large-scale cloud environments and traditional on-premises enterprise systems.
- Expertise in administering and tuning enterprise-grade vulnerability scanning solutions across both cloud and on-premises assets.
- Thorough understanding of vulnerability scoring standards (CVSS v3+) and the methodologies used to prioritize risks based on business context and threat intelligence.
- Experience with CI/CD pipeline security, DevSecOps practices, and integrating security testing into the development lifecycle.
Nice to have
- Experience with advanced data analytics platforms (e.g., ELK Stack) for security data visualization and correlation.
- Direct experience with container and orchestration security scanning (e.g., Docker, Kubernetes).
- Experience in developing solutions leveraging configuration management tools (e.g., Terraform, Ansible, Chef).
Culture & Benefits
- Comprehensive package of benefits, including paid time off, Stock Appreciation Rights, Amazon RSUs, health insurance, and disability insurance.
- Opportunity to be part of a fast-moving and highly execution-oriented team.