1Password is a rapidly growing company recognized for its innovative cybersecurity solutions. They are seeking a Senior Security Engineer to lead and enhance their Vulnerability Management program, focusing on security solutions, vulnerability identification, and remediation strategies.
Responsibilities:
- Design, build, integrate and scale new security solutions to power our vulnerability management program
- Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources
- Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program, tailored to different audiences (technical, non-technical, compliance, senior leadership, etc.)
- Conduct detailed analysis to help security development teams eliminate classes of vulnerabilities
- Partner with product and development teams to improve vulnerability triage workflows, validate findings, and come up with remediation strategies consistent with good user experiences
- Contribute to the design of risk-scoring and SLA models that align with business priorities
- Evaluate, build, and pilot AI-powered tools and workflows that improve the efficiency and effectiveness of vulnerability detection and remediation
- Mentor other engineers and help shape the evolution of our vulnerability management strategy
Requirements:
- You have 5+ years of career experience in IT or Engineering with a security focus
- You have a passion for and strong experience with any of: bug bounty programs, vulnerability research, validation, remediation or pentesting
- You have experience leveraging AI/ML capabilities to accelerate security workflows, automate repetitive tasks, or enhance detection and remediation efforts
- You have experience with internal tool development and engineering enablement
- You have a strong foundational understanding of software development principles, and are comfortable reading and writing code
- You work well in a team environment with positive communications amongst a variety of technical and non-technical stakeholders
- You are comfortable owning and setting technical direction for small- to medium-sized initiatives
- You're adaptable and resilient, thriving in fast-paced environments with shifting priorities
- Experience with Rust and/or Golang, or a demonstrated ability to pick up new languages quickly
- Experience with popular compliance standards and certifications (e.g. SOC2, ISO, PCI)
- Experience building or maintaining vulnerability management programs in medium- to large-sized organizations
- Familiarity with Software Bill of Materials (SBOMs) and their application in vulnerability management and software supply chain risk