Senior Security Engineer - Vulnerability Management

Relativity

Other Engineering
Posted on Aug 15, 2025

Posting Type

Remote

Job Overview

As a Senior Security Engineer on the Vulnerability Management team at Relativity, you will work with other teams both inside and outside of the Security department to ensure the security of our infrastructure and products.
This is an opportunity to work in a security department focused on DevSecOps in a rapidly expanding tech company, where you'll be helping secure both company infrastructure and a dynamic web system built on top of containers, native cloud applications, and other modern technology stacks.

These things will be key to success in this role:
⦁ You are motivated to be part of an international team in a security-focused environment within the Legal Tech industry.
⦁ You want to help empower engineers to build secure products.
⦁ You want to have a real impact on the security of the leading eDiscovery/Legal Tech product.
⦁ You enjoy and thrive in cross-functional collaboration.
⦁ You enjoy being exposed to a variety of modern technologies.

Job Description and Requirements

What are the core duties of this role?

  • Architect, develop and operate a scalable Vulnerability Management program that enables the adoption of security services and software with the goal of preventing and reducing risk (e.g. Azure Cloud Services, .NET microservices, Kubernetes).

  • Develop and implement services and automation to reduce workload and enhance efficiency (e.g., GitHub Actions).

  • Provide reusable tooling, services, and automation to be consumed internally and externally that simplifies processes within the Vulnerability Management program.

  • Drive implementation, support, and monitoring of Infrastructure as Code (IaC) for managing all team infrastructure (e.g. Pulumi).

  • Maintain vulnerability scanning tools to optimize the data received from them to track risk. Ensure the continuous health and optimal performance of vulnerability scanning tools by performing regular updates, troubleshooting issues, and implementing enhancements. Monitor tool performance, address any technical issues promptly, and collaborate with vendors for support and improvements.

  • Implement and direct Vulnerability Management processes. Oversee the entire vulnerability management lifecycle: Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification.

  • Set and achieve team objectives aimed at reducing overall risk and identifying new areas of exposure.

  • Collaborate with internal teams to validate and remediate findings from vulnerability scans, third-party assessments, and the Bug Bounty Program.

  • Continuously evaluate and improve configuration management practices to enhance efficiency, effectiveness, and compliance.

  • Perform and assist others with threat modeling to assess the severity of a vulnerability.

  • Organize and lead knowledge-sharing sessions and events to enhance the skills and expertise of the team, fostering a culture of continuous learning and improvement.

  • Act as an escalation point on the Vulnerability Management team and represent the team in meetings with external teams and customers.

  • Enhance risk visibility by creating and reporting on relevant metrics.

Minimum qualifications:

  • Minimum of 2 years of experience in DevSecOps software engineering and automation.

  • Proficiency in at least 1 modern Object-Oriented Programming (OOP) language, preferably .NET.

  • Experience with cloud-native development in Azure and an understanding of cloud architecture principles and patterns.

  • Experience with Infrastructure as Code (IaC), preferably Pulumi.

  • Minimum of 4 years of experience in security, preferably in a high-security environment.

  • Experience with modern vulnerability scanning tools.

  • Proven ability to deliver on large-scale, cross-functional projects.

  • Excellent verbal and written communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.

  • Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges.

  • Familiar with specification, technical design, estimation, and project management practices.

Preferred qualifications:

  • Knowledge of professional software engineering practices & software development life cycle (SDLC), including coding standards, code reviews, source control management, build processes, testing, and operations.

  • Experience working in a SaaS environment operating on a global scale.

  • Experience in the legal space.

  • Experience working with container vulnerability scanning tools.

  • Experience working with Azure.

  • Experience working with FedRAMP.

Relativity is committed to competitive, fair, and equitable compensation practices.

This position is eligible for total compensation which includes a competitive base salary, an annual performance bonus, and long-term incentives.

The expected salary range for this role is between the following values:

224 000 and 336 000 PLN

The final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity. Hiring at the top end of the range would not be typical, to allow for future meaningful salary growth in this position.