Senior Security Engineer

Responsibilities

• Own and operate the vulnerability management lifecycle, including continuous scanning, risk-based prioritization, and remediation tracking.
• Perform penetration testing on web applications, APIs, and cloud environments.
• Validate and triage vulnerabilities to eliminate false positives and ensure findings are actionable.
• Partner with engineering teams to remediate vulnerabilities and prevent recurrence.
• Implement and manage security tools for SAST, DAST, dependency scanning, and container scanning.
• Develop repeatable testing methodologies and automation for security processes.
• Conduct adversarial testing and exploit validation to simulate real-world attack scenarios.
• Track metrics and report on risk posture and remediation progress.

Requirements

• 5–9+ years of experience in security engineering, vulnerability management, or penetration testing.
• Hands-on experience with web and API security testing.
• Deep knowledge of common vulnerabilities, including OWASP Top 10, misconfigurations, and authentication flaws.
• Strong understanding of attack techniques and exploitation methods.
• Experience using security scanning tools and frameworks.
• Ability to analyze and validate vulnerabilities within real-world systems.
• Familiarity with cloud environments, with a preference for Azure.

Preferred Qualifications

• Experience automating security testing within CI/CD pipelines.
• Familiarity with container and Kubernetes security.
• Experience with bug bounty programs or red teaming exercises.
• Relevant industry certifications such as OSCP, CEH, or GWAPT.

About the Company

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care.