This position is part of the Fullsteam InfoSec Team which is directly responsible for working with Business Units and Fullsteam Corporate on security initiatives and response.
At Fullsteam, we're committed to protecting our digital assets and delivering the highest standard of security across our business. As we continue to scale our security programs, we're looking for a passionate security professional to join our Proactive Security team.
We're a small, high-ownership team tackling vulnerability and risk exposure across a broad surface; infrastructure, applications, software, AI systems, and external attack surface. This isn't a ticket queue role; you'll have real ownership across the full vulnerability lifecycle, contribute to automation and tooling, and work directly alongside security leadership. If you thrive in a fast-paced environment and want to help shape a growing VM program, we want to hear from you.
Primary Responsibilities:- Contribute to and help mature our vulnerability management program, ensuring identified risks are remediated according to SLAs across the enterprise and business units
- Identify and report known vulnerabilities across infrastructure (cloud and on-prem), applications, software, AI systems, and external attack surface
- Monitor external attack surface exposures and contribute to remediation prioritization
- Produce vulnerability metrics, trending reports, and risk summaries for security leadership and business unit stakeholders
- Support alignment of the VM program with industry regulations and standards (PCI-DSS, SOC2, NIST CSF, ISO 27001)
- Collaborate with Security, IT, and BU Engineering teams to drive effective and measurable vulnerability and risk exposure outcomes
- Contribute to risk management and governance functions (e.g., risk register, key metrics, vulnerability reports)
- Develop and contribute to AI-assisted HITL (Human in the Loop) automation and workflows for Proactive Security initiatives
- Collaborate with and learn alongside other Proactive Security team members
Skills & Competencies: - 8+ years of Information Technology / Security experience with 2-4+ years of hands-on experience in vulnerability management, attack surface management, or related security functions
- Working knowledge of security tools such as Wiz, Snyk, Qualys, Nessus, MS Defender, or similar platforms
- Experience with vulnerability prioritization frameworks (CVSS, EPSS, risk-based scoring)
- Experience with application security testing concepts and tools (SAST, DAST, IAST, Burp Suite, Postman, GitHub, etc.)
- Basic scripting or programming experience in any language, or a strong desire to develop this skill
- Ability to produce clear, actionable security reporting for both technical and non-technical audiences
- Hands-on experience with AI-assisted security workflows (prompt engineering, agent development, MCP tooling)
- Experience developing or contributing to process documentation
- Ability to work independently in a fully remote environment while managing multiple concurrent priorities
- Experience working in a multi-business-unit or enterprise environment
- Genuine curiosity and desire to grow
Minimum Qualifications: - CISSP or equivalent certification (GIAC, CISM, CRISC)
- Bachelor's degree in cybersecurity or equivalent work experience
- Hands-on Defensive or Offensive security training or work experience
- Project management knowledge, training and/or certifications
Base Salary Range: $122,254 - $130,000 USD
