Zocdoc

Senior Staff Security Engineer, Vulnerability Management

Zocdoc$200K — $290K *
US-AnywhereRemote in United States
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of experience in security engineering or software development, focusing on infrastructure and product security.
  • Proven experience developing production-grade automation scripts and custom security tools.
  • Hands-on experience with offensive security exercises like red teaming and penetration testing.
  • Expertise in securing cloud infrastructures using AWS, GCP, or Azure, along with Docker and Kubernetes.
  • Advanced programming skills in Python, Go, or Rust for automation and integration tasks.
  • Familiarity with adversarial frameworks and vulnerability scoring systems like CVSS, EPSS.
  • Experience integrating security scanners into CI/CD workflows, with a focus on AI and LLM APIs.

Responsibilities

  • Own the technical roadmap for an automated AI-driven vulnerability scanning platform.
  • Build context-engine models to correlate findings and assess true exploitability.
  • Implement AI-assisted workflows for classifying vulnerabilities, reducing false positives.
  • Lead red teaming and purple teaming exercises to strengthen defenses.
  • Partner with engineering teams to develop automated remediation pipelines.
  • Integrate security scanning guardrails within CI/CD processes.
  • Utilize cutting-edge GenAI tools for analysis and workflow enhancement.

Benefits

  • Flexible work environment
  • Unlimited Vacation
  • 100% paid employee health benefits (including medical, dental, and vision)
  • 401(k) with employer funded match
  • Corporate wellness programs with Headspace and Peloton
  • Sabbatical leave after 5+ years of service
  • Competitive paid parental leave and fertility/family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs for community engagement
  • Great Place to Work Certified
Full Job Description
Your Impact on our Mission

Zocdoc's most important asset is our people and our platform. As a Senior Staff Engineer, Vulnerability Management, you'll play a meaningful role in strengthening both by architecting and scaling our next-generation vulnerability detection and remediation ecosystem across Compliance, Security, and Engineering. In this role, you'll help move our security posture from reactive firefighting to predictive, continuous risk reduction through intelligent automation, deeper full-stack visibility, and faster remediation across infrastructure, containers, and application code.
You'll enjoy this role if you are...
  • Personally motivated by building secure, scalable systems that reduce real-world risk at scale.
  • Autonomous, urgent, and creative, and you love turning noisy security findings into actionable engineering outcomes.
  • Highly collaborative and energized by working across Security, Compliance, Engineering, and DevOps teams.
  • Passionate about offensive security, adversarial validation, and understanding how theoretical vulnerabilities translate into operational exposure.
  • A systems thinker who can connect infrastructure, application security, compliance, and automation into one cohesive program.
  • The kind of person who enjoys pairing deep technical judgment with practical execution and measurable impact.
  • Serious about your work, but not about yourself.
Your day to day is...
  • Owning the technical roadmap for an automated, AI-driven vulnerability scanning platform across cloud infrastructure, container registries, operating systems, and application-layer software.
  • Building context-engine models that correlate findings from SAST, DAST, SCA, and cloud posture tooling to determine true runtime exploitability.
  • Implementing AI-assisted triage workflows that classify vulnerabilities, reduce false positives, and route validated issues to the right engineering teams.
  • Leading targeted red teaming and collaborative purple teaming exercises to validate exploitable paths and strengthen runtime defenses.
  • Partnering directly with Software Engineering and DevOps to build automated remediation pipelines, including dependency update pull requests and base-image patching workflows.
  • Engineering security scanning guardrails into CI/CD pipelines and providing structured telemetry to support continuous compliance and executive risk visibility.
  • Working with cutting-edge GenAI tools and technology to analyze findings, improve prioritization, and accelerate remediation workflows.
You'll be successful in this role if you have...
  • Meaningful experience in security engineering, vulnerability management, or software development, with at least 8 years focused on infrastructure, container platforms, and product security.
  • A proven track record of writing production-grade automation scripts and building custom security tooling at scale.
  • Hands-on experience planning or executing offensive security exercises, red teaming, purple teaming, or penetration testing.
  • Deep experience securing cloud infrastructure and containerized ecosystems using platforms such as AWS, GCP, or Azure, along with Docker and Kubernetes.
  • Advanced proficiency in Python, Go, or Rust to build automation, integrate scanner APIs, and orchestrate automated patching workflows.
  • Strong familiarity with adversarial frameworks, vulnerability scoring systems such as CVSS and EPSS, and common application and infrastructure attack vectors including the OWASP Top 10.
  • Experience integrating security scanners into CI/CD workflows and using AI or LLM APIs to analyze code or log data for rapid prioritization.
  • Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
  • Advanced security certifications such as OSCE, OSCP, GXPN, CISSP, or equivalent practical engineering experience are highly valued.

Benefits:
  • Flexible work environment
  • Unlimited Vacation
  • 100% paid employee health benefit options (including medical, dental, and vision)
  • 401(k) with employer funded match
  • Corporate wellness programs with Headspace and Peloton
  • Sabbatical leave (for employees with 5+ years of service)
  • Competitive paid parental leave and fertility/family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs to promote shared community and belonging
  • Great Place to Work Certified


Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate's experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity.

Remote Base Salary Range

$200,000-$290,000 USD

About Zocdoc

Zocdoc is a healthcare technology company that provides a digital platform for patients to find and book appointments with doctors and other healthcare providers. The company's platform allows patients to search for doctors by specialty, location, insurance, and other criteria, and to book appointments online or through a mobile app. Zocdoc also provides tools for doctors to manage their schedules, patient records, and online reputation. The company was founded in 2007 and is headquartered in New York City. Zocdoc has raised over $225 million in funding and has been recognized as one of the fastest-growing companies in the healthcare industry.
Learn more about Zocdoc
Size
1,000 employees
Industry
Founded
2007

Similar Jobs

More Jobs at Zocdoc

More Information Technology Jobs

Find similar Senior Staff Security Engineer, Vulnerability Management jobs: