Overview
This role will own the engineering layer of our vulnerability management operations: the integrations, pipelines, dashboards, and AI-assisted workflows that turn raw tool output into actionable, business-unit-specific insight. This role exists to relieve operational concentration risk on the vulnerability management function and to deliver visible AI-driven productivity gains across the security program. This is a hybrid on-site position, with a requirement to be in office three times per week.
What You Will Own
• Integration and automation across the security tooling stack, including data normalization, deduplication, and enrichment pipelines.
• AI-assisted reporting pipelines that transform tool output into business-unit-specific narratives for monthly metric reviews, replacing manual report assembly.
• LLM-integrated workflows for alert triage, vulnerability summarization, remediation guidance generation, and finding prioritization.
• Evaluation, prototyping, and operationalization of emerging AI security tools — including agentic testing platforms and AI-driven offensive security tooling — with clear, evidence-based recommendations on what to adopt.
• Ownership of the technical infrastructure behind monthly business unit metric reviews — dashboards, data quality, and the pipeline from tool to executive-ready output.
• Partnership with the vulnerability management lead to encode operational knowledge into automation, reducing single-person dependency on the function.
• Contributing to the AI governance posture for security operations — documenting prompts, model selection, validation approaches, and human-in-the-loop checkpoints.
Required Qualifications
• 5+ years in a security engineering, detection engineering, SOAR, or security automation role with significant production coding responsibility.
• Strong Python skills, with demonstrated experience building integrations against REST APIs, working with structured data at scale, and shipping code to production.
• Hands-on experience with at least two of: Tenable, CrowdStrike, Wiz, Qualys, Rapid7, Splunk, or equivalent enterprise security platforms.
• Practical experience integrating LLMs into production workflows — direct API usage (Anthropic, OpenAI, or equivalent), prompt engineering for production reliability, and an understanding of failure modes including hallucination, prompt injection, and cost management.
• Comfortable working in CI/CD, infrastructure-as-code, and modern cloud environments.
• Clear written communication — capable of producing internal documentation, runbooks, and executive-ready summaries.
Preferred Qualifications
• Experience with agent frameworks (LangChain, LlamaIndex, or equivalent) and with retrieval-augmented generation patterns applied to security data.
• Background in SOAR development (Tines, Torq, Cortex XSOAR, Splunk SOAR) or detection-as-code workflows.
• Familiarity with the security tooling vendor landscape and ability to make pragmatic build-vs-buy recommendations.
• Prior work in a multi-tenant or multi-business-unit environment where data isolation and per-tenant reporting matter.
• Exposure to AI security risks — prompt injection, model abuse, data leakage — and approaches to mitigating them in production systems.