Senior Vulnerability Management Engineer
Zoox is seeking a highly experienced and technically proficient Senior Vulnerability Management Engineer to lead and mature our enterprise vulnerability management program. This critical role involves architecting, implementing, and optimizing vulnerability scanning and remediation processes, with a strong emphasis on automation, securing our cloud infrastructure, and managing traditional on-premises systems. The ideal candidate will be a subject matter expert in cloud and traditional security, possess advanced scripting capabilities, and be adept at driving significant security improvements across large, complex environments.
In this role, you will lead the enterprise vulnerability management program: strategically designing, implementing, and continuously maturing vulnerability scanning and management across on-premises infrastructure (servers, network devices), applications, containers, and complex cloud environments. You will architect, develop, and maintain robust automation pipelines that integrate vulnerability scanners with cloud APIs, asset inventory, and orchestration tools, significantly reducing manual effort and improving data accuracy. Additionally, you will serve as a subject matter expert for identifying, assessing, and remediating vulnerabilities specific to both cloud and on-premises services and configurations.
The position requires 7+ years of progressive experience in Information Security, with at least 3 years dedicated to a senior/lead role in Vulnerability Management. High-level proficiency in scripting for developing security automation, API integration, data manipulation, and building custom security and reporting tools is essential. Deep, hands-on experience securing large-scale cloud environments and traditional on-premises enterprise systems is also required. Expertise in administering and tuning enterprise-grade vulnerability scanning solutions (e.g., Qualys, Rapid7 Nexpose) across both cloud and on-premises assets is necessary. A thorough understanding of vulnerability scoring standards (CVSS v3+) and the methodologies used to prioritize risks based on business context and threat intelligence is expected. Experience with CI/CD pipeline security, DevSecOps practices, and integrating security testing into the development lifecycle is also required.
The base salary range for this position is $190,000 to $228,000 per year. Compensation includes three major components: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights. A sign-on bonus may be offered as part of the compensation package. Zoox also offers a comprehensive package of benefits, including paid time off (e.g., sick leave, vacation, bereavement), unpaid time off, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.
Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.