Avast

Security Controls Engineer

Avast$90K — $120K *
Tempe, AZ 85281In-Person
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Degree in Information Technology or related field, preferably focused on cybersecurity.
  • 3+ years of experience in vulnerability management or security engineering in a cloud/software environment.
  • Ability to independently drive outcomes across teams.
  • Understanding of regulatory security requirements and experience with frameworks like ISO 27001 and GDPR.
  • Strong translation skills for converting policies into actionable tasks for developers.
  • Hands-on experience with work tracking tools (e.g., Jira, Azure DevOps).
  • Strong communication skills with experience in analyzing and reporting on vulnerability trends.

Responsibilities

  • Translate legal and security obligations into actionable tasks for engineering teams.
  • Own the end-to-end vulnerability management lifecycle from scanning to closure.
  • Integrate security practices into CI/CD pipelines with measurable SLAs for tracking.
  • Coordinate work across various security domains and DevOps teams for consistent practice adoption.
  • Build and maintain delivery plans, track milestones, and manage dependencies using tools like Jira.
  • Align with product owners and security SMEs to resolve blockers and facilitate decision-making.
  • Develop actionable dashboards for senior leadership to report on vulnerability metrics and risks.

Benefits

  • Opportunity to work at the intersection of security and DevOps.
  • Role allows for significant independent initiative and decision-making.
  • Collaborative environment involving multiple teams and disciplines.
  • Potential for personal and professional growth in a fast-paced sector.
Full Job Description
About the Role:

We're looking for an independent, driven security professional who thrives at the intersection of security, DevOps, and delivery. In this role, you will translate legal and security framework requirements into clear, actionable vulnerability management and remediation programs that operate across multiple Security and DevOps teams. You'll help design, operationalize, and continually improve our vulnerability management lifecycle, from identification and triage through prioritization and remediation to validation and reporting. This includes secure development practices within regulatory frameworks guiding vulnerability handling, coordinated disclosure, SBOM transparency, patch management, and post-deployment monitoring. You will track, report, and escalate progress, risks, and dependencies, partnering closely with a Senior Project Manager and reporting to senior leadership.

If you enjoy making complex requirements practical, measurable, and delivered-this is for you.

Key Responsibilities:
  • Translate requirements 12 action: Break down legal, regulatory (including Cyber Resiliency Act), and security framework obligations into prioritized, testable tasks for engineering and platform teams. Define concrete technical control requirements across vulnerability detection, remediation SLAs, secure configuration baselines, SBOM management, and coordinated disclosure processes.
  • Own the vulnerability management lifecycle: Drive end-to-end vulnerability management across infrastructure, cloud, applications, containers, and third-party components-including scanning, triage, risk-based prioritization (CVSS + exploitability + business impact), remediation tracking, validation, and closure.
  • Integrate security into CI/CD: Partner closely with the Application Security team to support SAST, DAST, SCA, container, IaC, and cloud configuration scanning into CI/CD pipelines. Ensure findings are automatically ticketed, risk-ranked, and tracked to resolution with measurable SLAs.
  • Orchestrate implementation: Coordinate work across multiple security domains (e.g., IAM, vuln mgmt, cloud security, appsec) and DevOps/Platform teams to drive consistent adoption.
  • Plan & track delivery: Build delivery plans, track milestones, manage dependencies, and maintain a single source of truth (e.g., Jira/Azure Boards).
  • Stakeholder management: Align with product owners, architects, and security SMEs; resolve blockers and facilitate decisions.
  • Metrics & reporting: Develop actionable dashboards that show vulnerability aging, SLA compliance, backlog trends, recurring vulnerability patterns, report status, risk exposure, and remediation plans to senior leadership in concise dashboards.
  • Control mapping & evidence: Help map vulnerability management practices to regulatory frameworks and collect/curate evidence for audits.
  • Continuous improvement: Standardize templates, automate playbooks and evidence collection, and reduce manual triage effort to advance processes and program maturity.
  • Partner with PM: Work hand-in-hand with a Senior PM to align scope, timelines, compliance deadlines, and cross-team execution.


About you:
  • A degree in Information Technology or a related field, ideally with a focus on cybersecurity, is an advantage.
  • 3+ years of experience in vulnerability management, security engineering, or security program delivery in a cloud/software environment.
  • Demonstrated ability to work independently and drive outcomes across multiple teams.
  • Working understanding of regulatory security requirements and demonstrated experience with common frameworks/regulations implementation (e.g., ISO 27001, NIS2, SOC 2, GDPR, PCI DSS).
  • Strong translation skills: turn policy and control language into developer-ready user stories, acceptance criteria, remediation tasks, and runbooks.
  • Hands-on experience using work tracking tools (Jira, Azure DevOps, etc.) and crafting status reports/dashboards for leadership.
  • Strong communication skills: comfortable analyzing vulnerability trends, including ageing, patch latency, and systemic root causes, supported by concise writing ability, clear meeting facilitation, and demonstrated experience with stakeholder alignment.
  • Understanding of modern SDLC/DevOps practices (CI/CD, IaC, pipelines, change management).
  • Experience in cloud environments (AWS/Azure/GCP), including shared responsibility and guardrail patterns.
  • Wry sense of humor is a plus


What's next:
  • Recruiter Phone Screen
  • Hiring Manager Interview
  • Technical Aptitude Interview
  • Cross-Functional Stakeholder Interview
  • Final Round Interview

About Avast

Avast is a cybersecurity company that develops and markets security software for personal computers and mobile devices. The company's products include antivirus software, VPN services, and password management tools. Avast has over 435 million active users worldwide and is headquartered in London, England. The company was founded in 1988 and has offices in the Czech Republic, the United States, and other countries.
Learn more about Avast
Size
1,700 employees
Industry
Founded
1988

Similar Jobs

More Jobs at Avast

More Information Technology Jobs

Find similar Security Controls Engineer jobs: