Senior Vulnerability Management Engineer

We are seeking a highly experienced and technically proficient Senior Vulnerability Management Engineer to lead and mature our enterprise vulnerability management program. This critical role involves architecting, implementing, and optimizing vulnerability scanning and remediation processes, with a strong emphasis on automation, securing our cloud infrastructure, and managing traditional on-premises systems. The ideal candidate will be a subject matter expert in cloud and traditional security, possess advanced scripting capabilities, and be adept at driving significant security improvements across large, complex environments.

• Lead the Vulnerability Management Program: Strategically design, implement, and continuously mature the vulnerability scanning and management program across the enterprise, including on-premises infrastructure (servers, network devices), applications, containers, and complex cloud environments.
• Automation and Engineering: Architect, develop, and maintain robust automation pipelines to integrate vulnerability scanners with cloud APIs, asset inventory, and orchestration tools, significantly reducing manual efforts and improving data accuracy.
• Cloud and Infrastructure Security Expertise: Serve as a subject matter expert for identifying, assessing, and remediating vulnerabilities specific to both cloud and on-premises services and configurations.
• Risk Analysis and Prioritization: Continuously refine the risk-based prioritization methodology, ensuring the highest severity and most exploitable vulnerabilities are addressed first, collaborating closely with development and infrastructure teams.
• Tool Management: Evaluate, deploy, configure, and maintain advanced vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7), ensuring optimal coverage, accuracy, and integration across the hybrid environment.
• Mentorship and Documentation: Mentor junior team members, develop detailed technical documentation, and define best practices for vulnerability identification, reporting, and remediation.
• Reporting and Metrics: Define, track, and present advanced security metrics (KPIs/KRIs) and management-level reports on the overall vulnerability posture, remediation trends, and program effectiveness.
• Process Improvement: Drive measurable improvements in the mean time to detect (MTTD) and mean time to remediate (MTTR) vulnerabilities.

• 7+ years of progressive experience in Information Security, with at least 3 years dedicated to a senior/lead role in Vulnerability Management.
• High-level proficiency in scripting for developing security automation, API integration, data manipulation, and building custom security and reporting tools.
• Deep, hands-on experience securing large-scale cloud environments and traditional on-premises enterprise systems.
• Expertise in administering and tuning enterprise-grade vulnerability scanning solutions (e.g., Tenable.io/Nessus, Qualys, Rapid7 Nexpose) across both cloud and on-premises assets.
• Thorough understanding of vulnerability scoring standards (CVSS v3+) and the methodologies used to prioritize risks based on business context and threat intelligence.
• Experience with CI/CD pipeline security, DevSecOps practices, and integrating security testing into the development lifecycle.

• Experience with advanced data analytics platforms (e.g., ELK Stack) for security data visualization and correlation.
• Direct experience with container and orchestration security scanning (e.g., Docker, Kubernetes).
• Experience in developing solutions leveraging configuration management tools (e.g., Terraform, Ansible, Chef).

About Zoox

Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.

Follow us on LinkedIn

Accommodations

If you need an accommodation to participate in the application or interview process please reach out to accommodations@zoox.com or your assigned recruiter.

A Final Note:

You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.