Senior Security Engineer - Vulnerability Management

Job Overview

As a Senior Security Engineer on the Vulnerability Management team at Relativity, you will work with other teams both inside and outside of the Security department to ensure the security of our infrastructure and products.

This is an opportunity to work in a security department focused on DevSecOps in a rapidly expanding tech company, where you'll be helping secure both company infrastructure and a dynamic web system built on top of containers, native cloud applications, and other modern technology stacks.

These things will be key to be successful in this role: 

You are motivated to be part of an international team in a security-focused environment within the Legal Tech industry. 

You want to help empower engineers to build secure products. 

You want to have a real impact on the security of the leading eDiscovery/Legal Tech product.

You enjoy and thrive in cross-functional collaboration. 

You enjoy being exposed to a variety of modern technologies.

Job Description and Requirements

What are the core duties of this role? 

• Maintain vulnerability scanning tools to optimize the data received from them to track risk. Ensure the continuous health and optimal performance of vulnerability scanning tools by performing regular updates, troubleshooting issues, and implementing enhancements. Monitor tool performance, address any technical issues promptly, and collaborate with vendors for support and improvements. 
• Implement and direct Vulnerability Management processes. Oversee the entire vulnerability management lifecycle: Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification. 
• Set and achieve team objectives aimed at reducing overall risk and identifying new areas of exposure. 
• Develop automation to reduce workload and enhance efficiency (e.g., GitHub Actions). 
• Collaborate with internal teams to validate and remediate findings from vulnerability scans, third-party assessments, and the Bug Bounty Program. 
• Continuously evaluate and improve configuration management practices to enhance efficiency, effectiveness, and compliance. 
• Perform and assist others with threat modeling to assess the severity of a vulnerability. 
• Organize and lead knowledge-sharing sessions and events to enhance the skills and expertise of the team, fostering a culture of continuous learning and improvement. 
• Act as an escalation point on the Vulnerability Management team and represent the team in meetings with external teams and customers. 
• Enhance risk visibility by creating and reporting on relevant metrics.

Minimum qualifications:

• Minimum of 1 year of experience in software engineering and automation.
• Proficiency in at least 1 modern Object-Oriented Programming (OOP) language.
• Bachelor's degree in security management, Computer Science, Information Systems, or related field, or relevant experience.  
• Minimum of 4 years of experience in security preferably in a high-security environment.
• Experience with modern vulnerability scanning tools.
• Proven ability to deliver on large-scale, cross-functional projects.
• Excellent verbal and written communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders. 
• Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges. 
• Familiar with specification, technical design, estimation, and project management practices. 

Preferred qualifications:

• Knowledge of professional software engineering practices & software development life cycle (SDLC), including coding standards, code reviews, source control management, build processes, testing, and operations.
• Experience working in a SaaS environment operating on a global scale.
• Experience in the legal space.
• Experience working with container vulnerability scanning tools.
• Experience working with Azure.

Relativity is committed to competitive, fair, and equitable compensation practices.

This position is eligible for total compensation which includes a competitive base salary, an annual performance bonus, and long-term incentives.

The expected salary range for this role is between following values:

0 and 0PLNThe final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity. Hiring at the top end of the range would not be typical, to allow for future meaningful salary growth in this position.