Staff Security Engineer, Vulnerability Operations

6sense

💵 $210k-$316k
📍Remote - United States

Summary

Join 6sense as a Staff Security Engineer and lead the end-to-end vulnerability management program. You will be responsible for designing and executing quarterly OKRs, building automation pipelines, defining and tracking KPIs, and collaborating with cross-functional teams. The role requires strong experience in vulnerability management, AppSec, InfraSec, and CloudSec, as well as scripting and automation skills. You will mentor junior engineers and influence security culture. This remote position offers a competitive salary, benefits, and opportunities for professional development. 6sense values a growth mindset and employee well-being.

Requirements

  • 8+ years in security engineering, with deep experience in vulnerability management
  • Strong background in AppSec, InfraSec, and CloudSec (AWS preferred)
  • Hands-on experience with SAST, DAST, container scanning, and IaC security
  • Familiarity with frameworks like NIST, MITRE ATT&CK, and OWASP
  • Strong scripting and automation skills (Python, Bash, etc.)
  • Excellent communication and stakeholder management skills
  • 8–12+ years in security roles
  • Experience leading vulnerability programs or AppSec/CloudSec initiatives
  • Strong automation and scripting background
  • Experience with security tooling (e.g., Wiz, GitHub Advanced Security, Rapid7, Snyk, Orca, Qualys)

Responsibilities

  • Program Ownership: Lead the end-to-end vulnerability lifecycle—detection, triage, remediation, and reporting—across cloud, infrastructure, and application layers. Design and execute quarterly (O)KRs
  • Technical Leadership: Build and maintain automation pipelines for vulnerability detection and response (e.g., Wiz, GitHub, Ox, Invicti)
  • Metrics & Reporting: Define and track KPIs/OKRs (e.g., SLA adherence, MTTR, coverage rates) and present program health to leadership
  • Cross-Functional Collaboration: Partner with Engineering, GRC, IT, and Product to embed security into SDLC and CI/CD pipelines
  • Process Optimization: Standardize and scale vulnerability triage and remediation workflows using tools like Jira, Slack, and custom scripts
  • Mentorship & Influence: Coach junior engineers and influence security culture across the org

Benefits

  • Generous health insurance coverage
  • Life and disability insurance
  • A 401K employer matching program
  • Paid holidays
  • Self-care days
  • Paid time off (PTO)
  • Full-time employees can take advantage of health coverage, paid parental leave, generous paid time-off and holidays, quarterly self-care days off, and stock options
  • Access to our LinkedIn Learning platform
