Senior Security Engineer - Vulnerability Operations

6sense, Inc.

Full Timesenior

Bengaluru, Karnataka, IndiaPosted 2 days ago

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

PythonJavaScriptBashAWSTerraformMicroservices

Job Description

<div class="content-intro">Our Mission: 6sense's mission is to multiply what matters: growth, retention, and efficiency.  We envision a future where companies, teams and people reach their full potential. Our People: People are the heart and soul of 6sense. We serve with passion and purpose. We live by our Being 6sense values of Win as One Team, Stay Curious, Do The Right Thing, Own the Outcome, and Create Belonging.  Every 6sensor plays a part in deﬁning the future of our industry-leading technology.  6sense is a place where difference-makers roll up their sleeves, take risks, act with integrity, and measure success by the value we create for our customers.  We want 6sense to be the best chapter of your career. </div>Purpose of the Job : As members of 6sense’s Security department, the Security Engineering team protects the platform across application, infrastructure, and cloud domains. The Vulnerability Operations function ensures that vulnerabilities are identified, triaged, validated, and remediated in a consistent, timely, and risk‑based manner. Senior Security Engineers work closely with Engineering, CloudOps, Product, and GRC teams to operationalize vulnerability management processes, build automation, standardize workflows, and ensure secure-by-default practices.  Responsibilities & Accountabilities : <ul class="ul1"> <li class="li1">Ensure vulnerability management tools (e.g., Wiz, Invicti, Rapid7, GHAS, Ox) are correctly configured for appropriate coverage and accurate detection. </li> <li class="li1">Perform hands-on triage, validation, and root cause analysis of vulnerabilities across AppSec, InfraSec, and CloudSec. </li> <li class="li1">Track and report vulnerability status against SLAs, escalating to engineering owners as needed. </li> <li class="li1">Build and maintain dashboards, filters, reports, and triage scripts to support visibility and automation. </li> <li class="li1">Assist engineering teams in reproducing and remediating vulnerabilities, providing actionable guidance. </li> <li class="li1">Support the bug bounty program operations (not ownership), including validation and coordination with engineering teams. </li> <li class="li1">Conduct security reviews and threat modeling for high-risk systems or changes. </li> <li class="li1">Participate in initiatives that holistically address systemic or multi‑domain vulnerabilities. </li> <li class="li1">Contribute to development of automated security testing pipelines for validation of fixes. </li> <li class="li1">Participate in on-call or off‑hours incident response related to critical vulnerabilities and time‑sensitive patches. </li> <li class="li1">Contribute to quarterly OKRs and security engineering roadmap initiatives. </li> </ul> Performance Measurement : <ul class="ul1"> <li class="li1">Understands 6sense’s product, architecture, cloud footprint, and environment in depth. </li> <li class="li1">Takes ownership of vulnerability triage and prioritization while escalating where required. </li> <li class="li1">Proactively identifies and escalates AI/ML‑related vulnerabilities or misconfigurations in systems integrating LLMs or automated decisioning. </li> <li class="li1">Meets tight deadlines and SLAs for vulnerability response and validation. </li> <li class="li1">Maintains accurate and up-to-date triage scripts, documentation, dashboards, and workflows. </li> <li class="li1">Participates in weekly 1:1s and skip levels; provides clear progress updates. </li> <li class="li1">Supports security engineers and development teams with accurate, actionable analysis. </li> <li class="li1">Effectively participates in incident response and post‑incident remediation. </li> </ul> Educational and Experience Requirements : <ul class="ul1"> <li class="li2">5+ years of experience in security engineering across vulnerability management, AppSec, CloudSec, or InfraSec. </li> <li class="li2">Experience with vulnerability tools (e.g., Wiz, Rapid7, Invicti, GHAS, SAST/DAST) and triage workflows. </li> <li class="li2">Understanding of cloud security (AWS preferred) and modern microservices architectures. </li> <li class="li2">Experience identifying and mitigating AI/ML‑related security risks, including model abuse, prompt‑injection vulnerabilities, and risks introduced by LLM‑based features. </li> <li class="li2">Experience with scripting/automation (Python, Bash, JavaScript, etc.). </li> <li class="li2">Experience working directly with engineering teams to address vulnerabilities. </li> <li class="li2">Familiarity with frameworks such as OWASP, NIST, CIS Benchmarks, MITRE ATT&CK. </li> <li class="li2">Experience with IaC security (Terraform, CloudFormation, Pulumi) preferred but not required. </li> </ul> Preferred Qualifications : <ul class="ul1"> <li class="li1">Bachelor's degree in a related field </li> <li class="li1">Relevant industry certifications, such as AWS, CNCF, and GIAC are highly desirable </li> </ul> Competencies and Behaviors : <ul class="ul1"> <li class="li2">Establishes strong credibility with engineering partners. </li> <li class="li2">Maintains a professional, outcome-focused demeanor. </li> <li class="li2">Advocates for vulnerability and security best practices. </li> <li class="li2">Works independently on complex triage and analysis tasks. </li> <li class="li2">Manages competing priorities effectively, escalating when appropriate. </li> <li class="li2">Communicates clearly across technical and non-technical audiences. </li> <li class="li2">Maintains accuracy, attention to detail, and documentation hygiene. </li> </ul><div class="content-conclusion">Our Benefits:  Full-time employees can take advantage of health coverage, paid parental leave, generous paid time-off and holidays, quarterly self-care days off, and stock options. We’ll make sure you have the equipment and support you need to work and connect with your teams, at home or in one of our oﬃces.  We have a growth mindset culture that is represented in all that we do, from onboarding through to numerous learning and development initiatives including access to our LinkedIn Learning platform. Employee well-being is also top of mind for us. We host quarterly wellness education sessions to encourage self care and personal growth. From wellness days to ERG-hosted events, we celebrate and energize all 6sense employees and their backgrounds.  Equal Opportunity Employer:  6sense is an Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to <a href="mailto:jobs@6sense.com">jobs@6sense.com</a><a href="mailto:jobs@6sense.com">.</a>  We are aware of recruiting impersonation attempts that are not affiliated with 6sense in any way. All email communications from 6sense will originate from the @6sense.com domain. We will not initially contact you via text message and will never request payments. If you are uncertain whether you have been contacted by an official 6sense employee, reach out to <a class="Hyperlink SCXW160271132 BCX0" href="mailto:jobs@indeed.com" target="_blank">jobs@6sense.com</a> </div>