Key skills
AWSCloudPythonTerraformGolangServerlessLambdaCustomer Success
About this role
Role Overview
- Lead and own ongoing operation and maintenance of Samsara’s vulnerability management program, ensuring consistent execution of processes
- Assist in managing vulnerability scanning tools and help refine detection capabilities to improve accuracy and reduce false positives
- Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports
- Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices
- Assist in analyzing and triaging vulnerabilities, escalating critical issues to senior security engineers or Security Operations as needed
- Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure
- Contribute to documentation and process improvements to streamline vulnerability management workflows
- Champion Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) in daily work
- Be regularly on call to support
Requirements
- 6+ years of relevant experience with demonstrated impact for security engineering and vulnerability management in an enterprise environment
- Significant experience with vulnerability management tooling, in particular modern toolsets such as Wiz, or Semgrep
- Deep subject matter expertise with security engineering best practices for subjects such as CVSS, EPSS
- Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business
- Excellent development background with experience in Python or GoLang
- Strong DevOps, DevSecOps, or SRE background with experience in AWS cloud services, and Terraform
- Experience using security automation platforms such as Tines and serverless frameworks such as AWS Lambda
- Deep understanding of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), or Software Composition Analysis (SCA)
Tech Stack
- AWS
- Cloud
- Python
- Terraform
Benefits
- flexible, employee-led remote model
- professional development stipend
- comprehensive health and parental leave plans
- above-market total compensation through a combination of base salary, performance-based bonus/variable pay, and equity (for eligible roles) in a high-growth public company
- foundations that enable long-term success