Sr. Security Engineer - Vulnerability Operations

Purpose of the Job :

As members of 6sense’s Security department, the Security Engineering team protects the platform across application, infrastructure, and cloud domains. The Vulnerability Operations function ensures that vulnerabilities are identified, triaged, validated, and remediated in a consistent, timely, and risk‑based manner. Senior Security Engineers work closely with Engineering, CloudOps, Product, and GRC teams to operationalize vulnerability management processes, build automation, standardize workflows, and ensure secure-by-default practices. 

Responsibilities & Accountabilities :

• Ensure vulnerability management tools (e.g., Wiz, Invicti, Rapid7, GHAS, Ox) are correctly configured for appropriate coverage and accurate detection. 
• Perform hands-on triage, validation, and root cause analysis of vulnerabilities across AppSec, InfraSec, and CloudSec. 
• Track and report vulnerability status against SLAs, escalating to engineering owners as needed. 
• Build and maintain dashboards, filters, reports, and triage scripts to support visibility and automation. 
• Assist engineering teams in reproducing and remediating vulnerabilities, providing actionable guidance. 
• Support the bug bounty program operations (not ownership), including validation and coordination with engineering teams. 
• Conduct security reviews and threat modeling for high-risk systems or changes. 
• Participate in initiatives that holistically address systemic or multi‑domain vulnerabilities. 
• Contribute to development of automated security testing pipelines for validation of fixes. 
• Participate in on-call or off‑hours incident response related to critical vulnerabilities and time‑sensitive patches. 
• Contribute to quarterly OKRs and security engineering roadmap initiatives. 

Performance Measurement :

• Understands 6sense’s product, architecture, cloud footprint, and environment in depth. 
• Takes ownership of vulnerability triage and prioritization while escalating where required. 
• Proactively identifies and escalates AI/ML‑related vulnerabilities or misconfigurations in systems integrating LLMs or automated decisioning. 
• Meets tight deadlines and SLAs for vulnerability response and validation. 
• Maintains accurate and up-to-date triage scripts, documentation, dashboards, and workflows. 
• Participates in weekly 1:1s and skip levels; provides clear progress updates. 
• Supports security engineers and development teams with accurate, actionable analysis. 
• Effectively participates in incident response and post‑incident remediation. 

Educational and Experience Requirements :

• 5+ years of experience in security engineering across vulnerability management, AppSec, CloudSec, or InfraSec. 
• Experience with vulnerability tools (e.g., Wiz, Rapid7, Invicti, GHAS, SAST/DAST) and triage workflows. 
• Understanding of cloud security (AWS preferred) and modern microservices architectures. 
• Experience identifying and mitigating AI/ML‑related security risks, including model abuse, prompt‑injection vulnerabilities, and risks introduced by LLM‑based features. 
• Experience with scripting/automation (Python, Bash, JavaScript, etc.). 
• Experience working directly with engineering teams to address vulnerabilities. 
• Familiarity with frameworks such as OWASP, NIST, CIS Benchmarks, MITRE ATT&CK. 
• Experience with IaC security (Terraform, CloudFormation, Pulumi) preferred but not required. 

Preferred Qualifications :

• Bachelor's degree in a related field 
• Relevant industry certifications, such as AWS, CNCF, and GIAC are highly desirable 

Competencies and Behaviors :

• Establishes strong credibility with engineering partners. 
• Maintains a professional, outcome-focused demeanor. 
• Advocates for vulnerability and security best practices. 
• Works independently on complex triage and analysis tasks. 
• Manages competing priorities effectively, escalating when appropriate. 
• Communicates clearly across technical and non-technical audiences. 
• Maintains accuracy, attention to detail, and documentation hygiene.