Senior Security Engineer – Vulnerability Management & Penetration Testing

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.  

Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values.

Role Overview 

We are looking for a Senior Security Engineer to drive vulnerability management and penetration testing across applications and infrastructure. 

This role is focused on hands-on identification, validation, and remediation of security issues, with an emphasis on building scalable processes and improving overall security posture. 

Key Responsibilities 

• Own and operate the vulnerability management lifecycle, including:  

• Continuous scanning (applications, infrastructure, dependencies)  

• Risk-based prioritization  

• Tracking and driving remediation  

• Perform penetration testing on web applications, APIs, and cloud environments.  

• Validate and triage vulnerabilities to eliminate false positives and ensure actionable findings.  

• Partner with engineering teams to fix vulnerabilities and prevent recurrence.  

• Implement and manage tools for:  

• SAST, DAST, and dependency scanning  

• Infrastructure and container scanning  

• Develop repeatable testing methodologies and automation.  

• Conduct adversarial testing and exploit validation to simulate real-world attack scenarios.  

• Track metrics and report on risk posture and remediation progress.  

• Contribute to improving secure development practices based on findings.  

Required Qualifications 

• 5–9+ years of experience in security engineering, vulnerability management, or penetration testing.  

• Hands-on experience with:  

• Web and API security testing  

• Common vulnerabilities (OWASP Top 10, misconfigurations, auth flaws)  

• Strong understanding of attack techniques and exploitation methods.  

• Experience with security scanning tools and frameworks.  

• Ability to analyze and validate vulnerabilities in real-world systems.  

• Familiarity with cloud environments (Azure preferred).  

Preferred Qualifications 

• Experience with automating security testing in CI/CD pipelines.  

• Familiarity with container and Kubernetes security.  

• Experience with bug bounty or red teaming.  

• Relevant certifications (e.g., OSCP, CEH, GWAPT).  

What We’re Looking For 

• Strong hands-on tester and problem solver.  

• Ability to go beyond tools and think like an attacker.  

• Focus on impact-driven security, not just findings.