1Password is a leading company in cybersecurity, focused on building a safe and productive digital future. They are seeking a Senior Security Engineer for their Vulnerability Management team to enhance their vulnerability management program and ensure the highest standards of trust and safety for users.
Responsibilities:
- Design, build, integrate and scale new security solutions to power our vulnerability management program
- Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources
- Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program, tailored to different audiences (technical, non-technical, compliance, senior leadership, etc.)
- Conduct detailed analysis used to inform security development teams to eliminate classes of vulnerabilities
- Partner with product and development teams to improve vulnerability triage workflows, validate findings, and come up with remediation strategies consistent with good user experiences
- Contribute to the design of risk-scoring and SLA models that align with business priorities
- Evaluate, build, and pilot AI-powered tools and workflows that improve the efficiency and effectiveness of vulnerability detection and remediation
- Mentor other engineers and help shape the evolution of our vulnerability management strategy
Requirements:
- 5+ years of career experience in IT or Engineering with a security focus
- A passion for and strong experience with any of: bug bounty programs, vulnerability research, validation, remediation or pentesting
- Experience leveraging AI/ML capabilities to accelerate security workflows, automate repetitive tasks, or enhance detection and remediation efforts
- Experience with internal tool development and engineering enablement
- A strong foundational understanding of software development principles, and comfort reading and writing code
- Ability to work well in a team environment, communicating positively with a variety of technical and non-technical stakeholders
- Comfortable owning and setting technical direction for small- to medium-sized initiatives
- Adaptable and resilient, thriving in fast-paced environments with shifting priorities
- Experience with Rust and/or Golang, or a demonstrated ability to pick up new languages quickly
- Experience with popular compliance standards and certifications (e.g. SOC2, ISO, PCI)
- Experience building or maintaining vulnerability management programs in medium- to large-sized organizations
- Familiarity with Software Bill of Materials (SBOMs) and their application in vulnerability management and software supply chain risk