Senior Security Engineer – Vulnerability Management & Penetration Testing

Truveta · Hyderabad, India

// classified as

Other (Adjacent or hard to classify.)

> stack

goazurekubernetes

> description

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.   Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our <a href="https://www.truveta.com/careers/">company values</a>. Role Overview  We are looking for a Senior Security Engineer to drive vulnerability management and penetration testing across applications and infrastructure.  This role is focused on hands-on identification, validation, and remediation of security issues, with an emphasis on building scalable processes and improving overall security posture.    Key Responsibilities  <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Own and operate the vulnerability management lifecycle, including:  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Continuous scanning (applications, infrastructure, dependencies)  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Risk-based prioritization  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="2">Tracking and driving remediation  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Perform penetration testing on web applications, APIs, and cloud environments.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Validate and triage vulnerabilities to eliminate false positives and ensure actionable findings.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Partner with engineering teams to fix vulnerabilities and prevent recurrence.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Implement and manage tools for:  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">SAST, DAST, and dependency scanning  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Infrastructure and container scanning  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Develop repeatable testing methodologies and automation.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="7" data-aria-level="1">Conduct adversarial testing and exploit validation to simulate real-world attack scenarios.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="8" data-aria-level="1">Track metrics and report on risk posture and remediation progress.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="9" data-aria-level="1">Contribute to improving secure development practices based on findings.  </li> </ul>   Required Qualifications  <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">5–9+ years of experience in security engineering, vulnerability management, or penetration testing.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Hands-on experience with:  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Web and API security testing  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Common vulnerabilities (OWASP Top 10, misconfigurations, auth flaws)  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Strong understanding of attack techniques and exploitation methods.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Experience with security scanning tools and frameworks.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Ability to analyze and validate vulnerabilities in real-world systems.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Familiarity with cloud environments (Azure preferred).  </li> </ul>   Preferred Qualifications  <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Experience with automating security testing in CI/CD pipelines.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Familiarity with container and Kubernetes security.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Experience with bug bounty or red teaming.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Relevant certifications (e.g., OSCP, CEH, GWAPT).  </li> </ul>   What We’re Looking For  <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Strong hands-on tester and problem solver.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Ability to go beyond tools and think like an attacker.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Focus on impact-driven security, not just findings. </li> </ul>