Senior Security Engineer
Job Location:
Cleveland, TN - USA
Monthly Salary:
Not Disclosed
Posted on:
18 hours ago
Vacancies:
1 Vacancy
Job Summary
Job Title: Senior Security Engineer
Location: Cleveland OH Pittsburgh PA or Dallas TX.
Years Of Exp: 8 Yrs
Future duties and responsibilities
- Vulnerability Triage and Risk Assessment
- Own security-specific vulnerability triage within the assigned execution crew - reviewing access control privilege escalation identity
- And container security findings in the vulnerability management platform and making accurate risk assessments before routing to remediation.
- Identify false positives risk acceptances and exception cases that require security judgment rather than standard runbook execution.
- Validate risk scores against asset criticality and business context re-scoring where automated triage requires human security expertise.
- Provide security sign-off on remediation approaches proposed by infrastructure and application engineers before high-risk fixes proceed to change management review.
- Access Control and Identity Remediation
- Remediate privilege escalation vulnerabilities across application database and containerlayers reviewing and revoking excessive service account permissions cleaning up orphaned
- accounts and enforcing least-privilege standards aligned to enterprise IAM governance.
- Own credential and secrets management remediation for application and database credentials flagged in vulnerability scans coordinating with the platform team for vault integration and
- ensuring credentials are remediated within approved workflows.
- Remediate IAM misconfigurations surfaced through vulnerability scans - role-based access violations dormant privileged accounts and unauthorized elevation paths.
- Support quarterly access review processes for CGI-managed service accounts and automation pipeline credentials.
- Container and Application Security
- Own container security vulnerability triage reviewing Docker image CVEs runtime security alerts and container platform security findings routed from the centralized triage function.
- Perform container configuration reviews against enterprise security standards and flag noncompliant configurations for remediation.
- Create fix PRs for container-level vulnerabilities within the source control workflow adhering to branching standards and pipeline configurations.
- Review and validate application security fix approaches proposed by Java
- developers specifically Spring Security misconfigurations endpoint exposure vulnerabilities
- OAuth misconfigurations and API security gaps providing security perspective before fixes
- proceed to application team sign-off. Security Governance and Compliance
- Maintain accurate POAM records for all security-classified vulnerabilities ensuring remediation dates risk classifications and fix approaches are documented to audit standards
- required in a regulated banking environment.
- Prepare security evidence packages for regulatory audit requests pulling remediation history and pipeline execution logs from the vulnerability management platform and work management tools.
- Identify and document risk acceptances for vulnerabilities that cannot be remediated within SLA windows preparing justifications for information security sign-off.
- Support the change management process for security-classified changes by preparing security impact assessments for high-risk remediations.
- Collaboration and Escalation
- Work closely with Infrastructure Engineers Java Developers Database Administrators and DevSecOps Engineers across all three crews providing security expertise that these roles do not own individually.
- Escalate Critical and High severity security vulnerabilities immediately upon identification providing technical context and recommended remediation approach to enable rapid response
- within defined SLA windows.
- Provide weekly security posture updates to the Delivery Manager covering open high-risk items overdue security remediations and emerging threat patterns from CISA KEV and vendor
- advisories.
Required Qualifications:
- 6 years of security engineering or security operations experience in enterprise environments with direct vulnerability remediation responsibility
- Vulnerability management platform experience POAM management vulnerability record lifecycle risk acceptance workflows and reporting in a production environment
- Privileged access management and secrets management CyberArk or equivalent vault-based credential governance in an enterprise environment
- Access control and identity remediation privilege escalation CVE remediation IAM misconfiguration fixes service account cleanup and least-privilege enforcement at scale
- Container security scanning experience alert triage container vulnerability assessment and integration with downstream remediation workflows
- Application security knowledge Spring Security OAuth endpoint exposure vulnerabilitiesand API security misconfigurations sufficient to review and validate developer-proposed fixes
- ITSM experience change request management and security-classified change workflow navigation in a regulated environment
- Banking or financial services background understanding of regulatory audit evidence requirements change advisory board processes and production deployment governance in a regulated context
Required Skills:
- Access Management
- Container Technology
- Vulnerability coordination
- Bankin
Preferred Qualifications
- Tanium Sysdig or SecurityCenter operational experience
- Java or Spring Boot security awareness sufficient to review application-level fix approaches
- OCP or Kubernetes container security depth runtime security and image hardening
- Jira and Confluence proficiency in a sprint-based delivery model