Optomi

Senior Principal Vulnerability Management Engineer (Application Security)

Optomi, Dallas, Texas, United States, 75215


This range is provided by Optomi. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range $200,000.00/yr - $240,000.00/yr

Senior Principal Application Security Engineer (Threat and Vulnerability Management) - Hybrid role*

*This position is Hybrid (4x per week). Candidate can report to the Fort Worth, Las Colinas or Arlington, TX locations.

Optomi, in partnership with a client in the financial services space, is looking to add an Application Security Engineer over Threat and Vulnerability Management to their team! This is a new position, and the right candidate for this role will help mature the current program in place.

The Application Security Principal Engineer role is responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across the IT infrastructure, business applications, and cloud environments.

The ideal Application Security Principal Engineer candidate must have a strong, well-rounded technical background in information technology, cybersecurity, vulnerability scanning tools, and risk assessment methodologies. The ideal candidate must be able to assess all vulnerability risks and accurately articulate and document, for both technical and non-technical team members, the risk level, impacts, and options for remediation and/or mitigation of the risk.

Responsibilities

Support and influence technical direction for vulnerability and scanning supporting technology

Architect, build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines

Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities

Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)

Serve as a technical escalation point for vulnerability management and remediation efforts

Define, build and apply protective mitigations and work with engineering and infrastructure teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats

Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses

Examine disclosed vulnerabilities, threat scenarios, and mitigating controls to understand the potential impact on the organization

Provide specific recommendations for addressing and mitigating identified vulnerabilities, prioritizing effort based on factors such as risk, exposure, business impact, threat intelligence, and contextual data

Perform technical analysis of all scan results and provide a report of analysis as required

Qualifications

Bachelor's Degree or Associate Degree plus 2 years of relevant experience required

12 years minimum experience in related functions

5-7 years experience leading through mentorship in a related field

5-7 years experience driving thought leadership and innovation across products

Relevant certifications or licenses preferred

Experience with leading cross‑functional and/or global initiatives from start to finish

Advanced knowledge of business acumen and a deep understanding of business implications of decisions

Comprehensive knowledge of vulnerabilities in Windows, Linux, Unix, and other operating systems

Strong experience in threat modeling, secure design, and code review processes and ways to stop them

Demonstrated knowledge in methods to protect against ransomware threats

Deep experience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)

Robust experience securing hybrid/multi cloud environments (Azure, AWS)

Proven and verifiable record of building vulnerability tooling and automations integrated into workflows

Deep understanding of the vulnerability risk landscape and its impact on cyber threats

Demonstrated experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls in large, complex infrastructures

Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc.)

Strong experience building and operating Vulnerability Management, Threat Intelligence, or other security programs

Demonstrated experience with DevSecOps and CI/CD methodologies

Working understanding of CVE, CWE, CVSS scoring, MITRE ATT&CK Framework, threat intelligence, and CISA

Seniority level: Director

Employment type: Full-time

Job function: Business Development and Engineering

Industries: IT Services and IT Consulting and Financial Services
