Samsara is the pioneer of the Connected Operations™ Cloud, enabling organizations to harness IoT data for improved operations. The Senior Security Engineer will lead the vulnerability management program, collaborate with cross-functional teams to address vulnerabilities, and enhance security strategies.
Responsibilities:
- Lead and own ongoing operation and maintenance of Samsara’s vulnerability management program, ensuring consistent execution of processes
- Assist in managing vulnerability scanning tools and help refine detection capabilities to improve accuracy and reduce false positives
- Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports
- Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices
- Assist in analyzing and triaging vulnerabilities, escalating critical issues to senior security engineers or Security Operations as needed
- Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure
- Contribute to documentation and process improvements to streamline vulnerability management workflows
- Champion Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) in daily work
- Be regularly on call to support
Requirements:
- 6+ years of relevant experience with demonstrated impact for security engineering and vulnerability management in an enterprise environment
- Significant experience with vulnerability management tooling, in particular modern toolsets such as Wiz or Semgrep
- Deep subject matter expertise in security engineering best practices for subjects such as CVSS and EPSS
- Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business
- Excellent development background with experience in Python or GoLang
- Strong DevOps, DevSecOps, or SRE background with experience in AWS cloud services and Terraform
- Experience using security automation platforms such as Tines and serverless frameworks such as AWS Lambda
- Deep understanding of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), or Software Composition Analysis (SCA)
- Practical experience managing vulnerabilities within a FedRAMP-certified environment
- Experience integrating vulnerability management into modern CI/CD pipelines with a “shift-left” mentality