Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. As a Senior Staff Engineer in Vulnerability Management, you will architect and scale a next-generation vulnerability detection and remediation ecosystem, enhancing the security posture through intelligent automation and deeper visibility across various platforms.
Responsibilities:
- Owning the technical roadmap for an automated, AI-driven vulnerability scanning platform across cloud infrastructure, container registries, operating systems, and application-layer software
- Building context-engine models that correlate findings from SAST, DAST, SCA, and cloud posture tooling to determine true runtime exploitability
- Implementing AI-assisted triage workflows that classify vulnerabilities, reduce false positives, and route validated issues to the right engineering teams
- Leading targeted red teaming and collaborative purple teaming exercises to validate exploitable paths and strengthen runtime defenses
- Partnering directly with Software Engineering and DevOps to build automated remediation pipelines, including dependency update pull requests and base-image patching workflows
- Engineering security scanning guardrails into CI/CD pipelines and providing structured telemetry to support continuous compliance and executive risk visibility
- Working with cutting-edge GenAI tools and technology to analyze findings, improve prioritization, and accelerate remediation workflows
Requirements:
- Meaningful experience in security engineering, vulnerability management, or software development, with at least 8 years focused on infrastructure, container platforms, and product security
- A proven track record of writing production-grade automation scripts and building custom security tooling at scale
- Hands-on experience planning or executing offensive security exercises, red teaming, purple teaming, or penetration testing
- Deep experience securing cloud infrastructure and containerized ecosystems using platforms such as AWS, GCP, or Azure, along with Docker and Kubernetes
- Advanced proficiency in Python, Go, or Rust to build automation, integrate scanner APIs, and orchestrate automated patching workflows
- Strong familiarity with adversarial frameworks, vulnerability scoring systems such as CVSS and EPSS, and common application and infrastructure attack vectors including the OWASP Top 10
- Experience integrating security scanners into CI/CD workflows and using AI or LLM APIs to analyze code or log data for rapid prioritization
- Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity
- Advanced security certifications such as OSCE, OSCP, GXPN, CISSP, or equivalent practical engineering experience are highly valued