Govern Penetration Testing: Manage outsourced penetration testing programs, ensuring scopes align with compliance and business risk.
Audit Remediation: Oversee the vulnerability pipeline, ensuring findings are accurately translated into Jira tickets and tracking developer SLAs through to resolution.
Triage Bug Bounties: Act as the first line of defense for our crowdsourced vulnerability disclosure program, reproducing and validating exploit reports from external researchers.
Monitor & Analyze: Daily triage of our Threat Intelligence Platform (TIP) for credential exposures and active exploits.
Serve as the primary admin for our Enterprise Domain Management platform, handling registrations, renewals, and DNS security (DNSSEC, DMARC, etc.).
Actively monitor for typosquatting and brand impersonation, initiating takedowns when malicious intent is confirmed.
Design and analyze organizational phishing campaigns to improve employee resilience.
Serve as the lead investigator for user-reported phishing and social engineering attempts.
Requirements
Requires 5+ years of related or equivalent experience within security operations, threat intelligence, or product security; or 3+ years with an advanced degree.
Proven experience manually validating web application and cloud vulnerabilities.
Ability to critically review third-party pentest reports to ensure vendor quality and accuracy.
Strong organizational discipline to manage external testing vendors, audit contractor workflows, and drive cross-functional remediation efforts without requiring direct authority.
Experience managing corporate domain portfolios, DNS configurations, and digital brand protection strategies.