
Senior Vulnerability Engineer
Keeper Security, Inc.
full-time
Location Type: Remote
Location: California • Illinois • United States
About the role
- Design and implement scalable vulnerability scanning and asset discovery solutions across multi-cloud and SaaS environments
- Engineer and maintain integrations between vulnerability management tools and internal systems, including CI/CD platforms, ticketing systems, and source control tools
- Automate vulnerability ingestion, enrichment, prioritization, and remediation workflows using APIs and scripting
- Develop risk-based prioritization models by correlating vulnerability data with threat intelligence and exploit activity
- Build and maintain pipelines to integrate vulnerability scanning into CI/CD processes
- Create dashboards and analytics to track vulnerability exposure, remediation SLAs, and risk trends
- Continuously improve coverage and accuracy of asset inventory and scanning capabilities
- Monitor and respond to zero-day vulnerabilities, CISA KEV bulletins, and active exploit campaigns
- Partner with Engineering and DevOps teams to troubleshoot and remediate vulnerabilities in applications and infrastructure
- Contribute to secure architecture and hardening efforts across cloud and application environments
- Support compliance requirements, including FedRAMP, StateRAMP, SOC 2, ISO 27001, and NIST SP 800-53, through technical implementation and evidence generation
- Document systems, workflows, and automation for repeatability and scale
- Support the execution of red team exercises, penetration tests, and bug bounty programs in alignment with real-world threat scenarios
- Coordinate and validate findings from internal and external testing activities, ensuring accuracy, severity calibration, and reproducibility
- Integrate offensive security findings into vulnerability management workflows to drive prioritized remediation
- Partner with external vendors and researchers to triage submissions and improve signal quality in bug bounty programs
- Continuously improve testing methodologies, coverage, and tooling to reflect evolving attack techniques
- Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses
Requirements
- 5–8+ years of experience in vulnerability management, security engineering, or related technical roles
- Strong hands-on experience with vulnerability scanning tools, CVE/CVSS scoring, and exploit analysis
- Experience building automation using Python, PowerShell, or similar scripting languages
- Experience working with APIs and integrating security tools into engineering workflows
- Strong understanding of cloud platforms, including AWS, GCP, and Azure, as well as modern application architectures
- Experience embedding security into CI/CD pipelines and developer workflows
- Ability to troubleshoot vulnerabilities across system, network, and application layers
- Hands-on experience with penetration testing, red teaming, or bug bounty programs, including triage and validation of findings
- Working knowledge of compliance frameworks such as NIST SP 800-53, CIS Controls, ISO 27001, and SOC 2
Benefits
- Medical, Dental & Vision (inclusive of domestic partnerships)
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
- Voluntary Short/Long Term Disability Insurance
- 401K (Roth/Traditional)
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.)
- Above-market annual bonuses
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
vulnerability management, vulnerability scanning, exploit analysis, automation, Python, PowerShell, APIs, penetration testing, red teaming, bug bounty
Soft Skills
troubleshooting, collaboration, documentation, communication, problem-solving
Certifications
FedRAMP, StateRAMP, SOC 2, ISO 27001, NIST SP 800-53