Senior Security Engineer, Vulnerability Management

Overview

We are excited to welcome a Senior Engineer to join our Vulnerability Management team nerability Management enables us to build and deliver secure products with confidence, owning the end-to-end vulnerability lifecycle from identification to remediation and reporting, including our bug bounty program, pentesting, supply chain management, and more.

This Senior Engineer will focus on maturing and scaling our vulnerability management program with new AI-powered tooling and workflows, while implementing vulnerability identification and remediation strategies across products, platforms, and infrastructure to maintain the highest standards of trust and safety for users.

• Design, build, integrate and scale new security solutions to power our vulnerability management program.
• Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources.
• Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program for technical, non-technical, compliance, and leadership audiences.
• Conduct detailed analysis to inform security development teams and eliminate classes of vulnerabilities.
• Partner with product and development teams to improve vulnerability triage workflows, validate findings, and propose remediation strategies aligned with good user experiences.
• Contribute to the design of risk-scoring and SLA models that align with business priorities.
• Evaluate, build, and pilot AI-powered tools and workflows to improve efficiency and effectiveness of vulnerability detection and remediation.
• Mentor other engineers and help shape the evolution of our vulnerability management strategy.

• You have 5+ years of career experience in IT or Engineering with a security focus.
• You have strong experience with bug bounty programs, vulnerability research, validation, remediation or pentesting.
• You have experience leveraging AI/ML capabilities to accelerate security workflows, automate tasks, or enhance detection and remediation.
• You have experience with internal tool development and engineering enablement.
• You have a strong understanding of software development principles and are comfortable reading and writing code.
• You work well in a team with positive communication across technical and non-technical stakeholders.
• You are comfortable owning and setting technical direction for small to medium initiatives.
• You are adaptable and thrive in fast-paced environments with shifting priorities.

• Experience with Rust and/or Golang, or ability to pick up new languages quickly.
• Experience with compliance standards and certifications (e.g., SOC2, ISO, PCI).
• Experience building or maintaining vulnerability management programs in medium to large organizations.
• Familiarity with Software Bill of Materials (SBOMs) and their use in vulnerability management and software supply chain risk.

USA-based roles:
The annual base salary is between 153,000 USD and 214,000 USD, plus benefits (health, dental, 401k and others), paid time off, an equity grant and participation in incentive programs.

Canada-based roles:
The annual base salary is between 143,000 CAD and 193,000 CAD, plus benefits (health, dental, RRSP and others), paid time off, an equity grant and participation in incentive programs.

1

Password approaches compensation with fair market value and internal equity aligned with experience and skill.

1

Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, color, religion, creed, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.

Accommodation is available upon request during the recruitment process. For accommodations, please contact our talent acquisition partner.