Senior Security Engineer


Job Location:

Cleveland, TN - USA

Monthly Salary: Not Disclosed
Posted on: 18 hours ago
Vacancies: 1 Vacancy

Job Summary


Job Title: Senior Security Engineer

Location: Cleveland OH Pittsburgh PA or Dallas TX.

Years Of Exp: 8 Yrs
Future duties and responsibilities
  • Vulnerability Triage and Risk Assessment
  • Own security-specific vulnerability triage within the assigned execution crew - reviewing access control privilege escalation identity
  • And container security findings in the vulnerability management platform and making accurate risk assessments before routing to remediation.
  • Identify false positives risk acceptances and exception cases that require security judgment rather than standard runbook execution.
  • Validate risk scores against asset criticality and business context re-scoring where automated triage requires human security expertise.
  • Provide security sign-off on remediation approaches proposed by infrastructure and application engineers before high-risk fixes proceed to change management review.
  • Access Control and Identity Remediation
  • Remediate privilege escalation vulnerabilities across application database and containerlayers reviewing and revoking excessive service account permissions cleaning up orphaned
  • accounts and enforcing least-privilege standards aligned to enterprise IAM governance.
  • Own credential and secrets management remediation for application and database credentials flagged in vulnerability scans coordinating with the platform team for vault integration and
  • ensuring credentials are remediated within approved workflows.
  • Remediate IAM misconfigurations surfaced through vulnerability scans - role-based access violations dormant privileged accounts and unauthorized elevation paths.
  • Support quarterly access review processes for CGI-managed service accounts and automation pipeline credentials.
  • Container and Application Security
  • Own container security vulnerability triage reviewing Docker image CVEs runtime security alerts and container platform security findings routed from the centralized triage function.
  • Perform container configuration reviews against enterprise security standards and flag noncompliant configurations for remediation.
  • Create fix PRs for container-level vulnerabilities within the source control workflow adhering to branching standards and pipeline configurations.
  • Review and validate application security fix approaches proposed by Java
  • developers specifically Spring Security misconfigurations endpoint exposure vulnerabilities
  • OAuth misconfigurations and API security gaps providing security perspective before fixes
  • proceed to application team sign-off. Security Governance and Compliance
  • Maintain accurate POAM records for all security-classified vulnerabilities ensuring remediation dates risk classifications and fix approaches are documented to audit standards
  • required in a regulated banking environment.
  • Prepare security evidence packages for regulatory audit requests pulling remediation history and pipeline execution logs from the vulnerability management platform and work management tools.
  • Identify and document risk acceptances for vulnerabilities that cannot be remediated within SLA windows preparing justifications for information security sign-off.
  • Support the change management process for security-classified changes by preparing security impact assessments for high-risk remediations.
  • Collaboration and Escalation
  • Work closely with Infrastructure Engineers Java Developers Database Administrators and DevSecOps Engineers across all three crews providing security expertise that these roles do not own individually.
  • Escalate Critical and High severity security vulnerabilities immediately upon identification providing technical context and recommended remediation approach to enable rapid response
  • within defined SLA windows.
  • Provide weekly security posture updates to the Delivery Manager covering open high-risk items overdue security remediations and emerging threat patterns from CISA KEV and vendor
  • advisories.
Required Qualifications:
  • 6 years of security engineering or security operations experience in enterprise environments with direct vulnerability remediation responsibility
  • Vulnerability management platform experience POAM management vulnerability record lifecycle risk acceptance workflows and reporting in a production environment
  • Privileged access management and secrets management CyberArk or equivalent vault-based credential governance in an enterprise environment
  • Access control and identity remediation privilege escalation CVE remediation IAM misconfiguration fixes service account cleanup and least-privilege enforcement at scale
  • Container security scanning experience alert triage container vulnerability assessment and integration with downstream remediation workflows
  • Application security knowledge Spring Security OAuth endpoint exposure vulnerabilitiesand API security misconfigurations sufficient to review and validate developer-proposed fixes
  • ITSM experience change request management and security-classified change workflow navigation in a regulated environment
  • Banking or financial services background understanding of regulatory audit evidence requirements change advisory board processes and production deployment governance in a regulated context
Required Skills:
  • Access Management
  • Container Technology
  • Vulnerability coordination
  • Bankin
Preferred Qualifications
  • Tanium Sysdig or SecurityCenter operational experience
  • Java or Spring Boot security awareness sufficient to review application-level fix approaches
  • OCP or Kubernetes container security depth runtime security and image hardening
  • Jira and Confluence proficiency in a sprint-based delivery model
Job Title: Senior Security Engineer Location: Cleveland OH Pittsburgh PA or Dallas TX. Years Of Exp: 8 Yrs Future duties and responsibilities Vulnerability Triage and Risk Assessment Own security-specific vulnerability triage within the assigned execution crew - reviewing access control priv...