Platform Security Vulnerability Management Engineer

Remote, Any, United States, AMER

Fivetran

Effortlessly centralize all the data you need so your team can deliver better insights, faster. Start for free.

View company page

From Fivetran’s founding until now, our mission has remained the same: to make access to data as simple and reliable as electricity. With Fivetran, customer data arrives in their warehouses, canonical and ready to query, with no engineering or maintenance required. We’re proud that more organizations continue to leverage our technology every day to become truly data-driven.

  About the Role   Fivetran is building data pipelines to power the modern data stack for thousands of companies. To support building customer trust in our solution, we’re looking for a Platform Security Vulnerability Management Engineer to join Fivetran's Security team. In this role you will work hands on with the team lead to collect, verify, and track platform security vulnerabilities to remediation.   This work is challenging and diverse as Fivetran is a multi-cloud environment operating on AWS, GCP, and Azure. You will be on the team responsible for selecting security tools to detect issues, establishing processes to handle incoming issue reports, run our vendor-supported penetration testing program, design and manage the analysis and triage process, prioritize issues, and create reports, metrics, and dashboards to motivate the engineering organization to address the findings, ultimately raising our security posture while meeting compliance requirements.   This is a full-time position based out of the U.S. and is open to the remote workforce.   Technologies You’ll Use   Bash, Python, JS, BigQuery, Sigma, Looker, Retool, Azure, AWS, GCP, Terraform, Docker, Kubernetes, Github, Buildkite, Sonar, SAST, SCA, DAST, WAF, ASPM, CSPM   What You’ll Do
  • Collaborate with engineering teams during our semi-annual vendor-led pentesting engagement, including verification of results and pursuit of remediation 
  • Assist in the manage both Cloud Infrastructure and Application Security vulnerabilities from a variety of sources: Internal/External Reports, SAST, SCA, Sonar, DAST, Pentesting, Security Scorecard, CSPM, and Incidents
  • Analyze, validate, demonstrate, and adjust severity of vulnerabilities based on actual risk to the organization
  • Document guidance to provide clarity about our vulnerability reporting and remediation processes
  • Refine the secure coding and secure cloud configuration guidance and standards provided to engineers
  • Assisting with evaluation and management of tools for detecting and managing security vulnerabilities
  • Take a “hands-on” approach to build automated integrations with security tools, as well as solutions to inventory, monitor, and report on vulnerability process maturity to leadership and other stakeholders
Skills We’re Looking for
  • Experience with a thriving vulnerability management team and program that includes both Application Security and Cloud Security components
  • Strong analytical skills to determine metrics and reports needed to drive action for both the team and the engineering organization
  • Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions
  • Technical background and ability to write scripts and code to integrate tool APIs with internal ticketing, ASPM/VM, and CI/CD pipeline tools
  • Collaborative experience working closely with product teams, SRE/DevOps, and software engineers to drive adoption of security mindset into processes and SDLC habits
Bonus Skills​
  • Strong understanding of cloud infrastructure and container vulnerability scanning techniques in multi-cloud environments as well as IaC, containers, CSPM security tools such as Lacework, Trivy, Prisma, Qualys, StackRox, AquaSec, Twistlock
  • Ability to manage and perform triage/validation of Application Security vulnerabilities, including those found in the OWASP Top 10 and the Application Security Verification Standard (ASVS)
  • Experience with cloud-native container deployment architecture (Kubernetes, Docker, GKE, EKS, AKS) and IaC automation tools (CloudFormation, Terraform, Ansible, Chef, Puppet or Lambda)
  • Experience running third party penetration tests from contracting through remediation of findings

#LI-REMOTE #LI-RS1

The pay range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the target position and level. Our pay ranges are determined by role, level, and location. Our job titles may span more than one career level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, relevant education or training, business need, market demands. The pay range is subject to change and may be modified in the future. Your recruiter can share more about the specific pay range for your location during the hiring process.


This range represents base salary only and does not include incentive for sales roles, equity, or  benefits, if applicable. 


Pay Range$149,927.34—$179,920 USD

Perks and Benefits

  • 100% employer-paid medical insurance*
  • Generous paid time-off policy (PTO), plus paid sick time, inclusive parental leave policy, holidays, and volunteer days off
  • RSU stock grants*
  • Professional development and training opportunities
  • Company virtual happy hours, free food, and fun team-building activities
  • Monthly cell phone stipend
  • Recharge, reenergize, and pursue personal and professional goals with a 30-day paid leave after 5 years*
  • Access to an innovative mental health support platform that offers personalized care and resources in areas such as: therapy, coaching, and self-guided mindfulness exercises for all covered employees and their covered dependents.

*May vary by country and worker type - please reach out to your recruiter for more information

Click here to learn more about Fivetran's Benefits by Region.

We’re honored to be valued at over $5.6 billion, but more importantly, we’re proud of our core values of Get Stuck In, Do the Right Thing, and One Team, One Dream. Read about us in Forbes.     

Fivetran brings together high-quality talent across the globe to make data access as easy and reliable as electricity for our customers. We value and recognize that our customers benefit from having innovative teams made of people from many backgrounds, experiences, and identities. Fivetran promotes diversity, equity, inclusion & belonging through attracting, recruiting, developing, and retaining a diverse workforce, not only because it is the right thing to do, but because it helps us build a world-class company to better serve our customers, our people and our communities.

To learn more about Fivetran’s culture and what it’s like to be part of the team, click here and enjoy our video.

To learn more about our candidate privacy policy, you can read our statement here.

We are committed to ensuring that all candidates have an equal opportunity to participate in our interview process. If you require accommodations at any stage of the process due to a disability, medical condition, or any other circumstance, please don't hesitate to submit your request by filling out this form. We will work with you to provide reasonable accommodations to facilitate your participation and ensure a fair and accessible interview experience. Your request and any information provided will be kept confidential and will not impact your candidacy. We look forward to hearing from you and accommodating your needs to the best of our ability.

Apply now Apply later
  • Share this job via
  • or

Tags: Ansible APIs Application security AquaSec Automation AWS Azure Bash CI/CD Cloud Compliance CSPM DAST DevOps Docker GCP GitHub Kubernetes Lambda OWASP Pentesting Privacy Puppet Python Qualys SAST SDLC Terraform Twistlock Vulnerabilities Vulnerability management

Perks/benefits: Career development Cell phone stipend Equity Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Salary bonus Team events

Regions: Remote/Anywhere North America
Country: United States
Job stats:  11  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.