Fullsteam is a leading provider of vertical software and embedded payments technology dedicated to helping businesses flourish. They are seeking a Senior Security Engineer to join their Proactive Security team, focusing on maturing the vulnerability management program and ensuring identified risks are remediated across the enterprise.
Responsibilities:
- Contribute to and help mature our vulnerability management program, ensuring identified risks are remediated according to SLAs across the enterprise and business units
- Identify and report known vulnerabilities across infrastructure (cloud and on-prem), applications, software, AI systems, and external attack surface
- Monitor external attack surface exposures and contribute to remediation prioritization
- Produce vulnerability metrics, trending reports, and risk summaries for security leadership and business unit stakeholders
- Support alignment of the VM program with industry regulations and standards (PCI-DSS, SOC2, NIST CSF, ISO 27001)
- Collaborate with Security, IT, and BU Engineering teams to drive effective and measurable vulnerability and risk exposure outcomes
- Contribute to risk management and governance functions (e.g., risk register, key metrics, vulnerability reports)
- Develop and contribute to AI-assisted HITL (Human in the Loop) automation and workflows for Proactive Security initiatives
- Collaborate with and learn alongside other Proactive Security team members
Requirements:
- 8+ years of Information Technology / Security experience with 2-4+ years of hands-on experience in vulnerability management, attack surface management, or related security functions
- Working knowledge of security tools such as Wiz, Snyk, Qualys, Nessus, MS Defender, or similar platforms
- Experience with vulnerability prioritization frameworks (CVSS, EPSS, risk-based scoring)
- Experience with application security testing concepts and tools (SAST, DAST, IAST, Burp Suite, Postman, GitHub, etc.)
- Basic scripting or programming experience in any language, or a strong desire to develop this skill
- Ability to produce clear, actionable security reporting for both technical and non-technical audiences
- Hands-on experience with AI-assisted security workflows (prompt engineering, agent development, MCP tooling)
- Experience developing or contributing to process documentation
- Ability to work independently in a fully remote environment while managing multiple concurrent priorities
- Experience working in a multi-business-unit or enterprise environment
- Genuine curiosity and desire to grow
- CISSP or equivalent certification (GIAC, CISM, CRISC)
- Bachelor's degree in cybersecurity or equivalent work experience
- Hands-on defensive or offensive security training or work experience
- Project management knowledge, training and/or certifications