Senior Security Engineer

Summary

Join GoDaddy's Vulnerability Management team as a Vulnerability Management Engineer and contribute to enhancing the company's security posture. You will develop the architecture and capability roadmap, collaborating with cross-functional teams to identify and remediate vulnerabilities across GoDaddy's global infrastructure. This remote position requires expertise in vulnerability assessments, threat intelligence, and security tools. You will also provide remediation support, lead team members, and contribute to developing program metrics. The ideal candidate possesses extensive experience in security engineering, particularly in AWS cloud security, and a strong understanding of security concepts and risk management frameworks. GoDaddy offers a comprehensive benefits package, including paid time off, retirement savings options, bonuses, health benefits, and parental leave.

Requirements

• Over 4 years of experience as a Security Engineer in medium to large IT organizations, with a focus on AWS Cloud security
• Hands-on experience with security tools (Tenable, Qualys, AppSpider) and efficiency tools (Microsoft Office Suite, Jira, ServiceNow); experience conducting large network and web application vulnerability scanning and reporting
• Skilled in identifying zero-day vulnerabilities across infrastructure and networks; experience in security risk assessments
• Strong understanding of desktop and server operating systems like RedHat/CentOS Linux and Windows Server, as well as infrastructure and application security concepts and tools
• Solid grasp of general information security concepts, techniques, methodologies, vulnerability classification, and scoring (CVSS, CWE), and solid understanding of risk management frameworks, security frameworks, and data protection regulations
• Strong leadership, interpersonal, and technical writing skills; self-motivated and adaptable standout colleague passionate about security and innovation, excels in cross-functional settings with sharp problem-solving skills

Responsibilities

• Perform vulnerability and impact assessments, perimeter scanning, and vulnerability scanning (using tools like Tenable, Qualys), validate results, prioritize risks, report findings with recommendations, and assist with remediation
• Research and interpret vulnerability disclosures and threat intelligence. Monitor sources for new vulnerabilities, identify impacted assets, classify, and score vulnerabilities
• Secure GoDaddy’s cloud and on-premise infrastructure through continuous scanning, reporting, and collaboration with compliance teams to ensure testing, reporting, and mitigation meet regulatory requirements
• Provide remediation support to users, handle false positive validation requests, and work cross-functionally to implement countermeasures and improve security posture
• Lead and mentor team members, help develop metrics for the Vulnerability Management Program, and contribute to crafting organizational capabilities

Preferred Qualifications

• Bachelor’s Degree in an appropriate field of study or equivalent work experience
• Strong understanding and hands-on ability to implement compliance controls aligned with CIS, PCI-DSS, NIST, and ISO 27001
• Scripting experience, particularly in Python
• Experience using tools like Tanium and BurpSuite
• Penetration testing experience

Benefits

• Paid time off
• Retirement savings (e.g., 401k, pension schemes)
• Bonus/incentive eligibility
• Equity grants
• Participation in our employee stock purchase plan
• Competitive health benefits
• Other family-friendly benefits including parental leave