CJIS Licensed Vulnerability Engineer

Job Summary

Owning the full vulnerability management pipeline, the full-time remote CJIS Licensed Vulnerability Engineer will proactively discover vulnerabilities, develop and deliver fixes, and maintain operational health of security tools while collaborating with cross-functional teams to enhance software security.

Key responsibilities

• Operate and improve an AI-powered scanning pipeline for vulnerability discovery across codebases and dependencies
• Develop, validate, and submit fixes for vulnerabilities, ensuring thorough documentation for review and merge
• Manage the SLA lifecycle for open findings, producing regular reports on pipeline health and remediation velocity

Required qualifications

• Bachelor's degree in Cybersecurity, Computer Science, or Information Technology, or equivalent professional experience
• 5-7 years of experience in application security or vulnerability management
• Hands-on experience using AI coding agents for vulnerability discovery and fix generation
• Proficiency with SAST and SCA tools, particularly Veracode, and experience with cloud security management tools like Orca
• Familiarity with security frameworks such as NIST CSF and CIS Controls