Zocdoc
Zocdoc15h ago
New
USD 200000-290000/yr

Senior Staff Security Engineer, Vulnerability Management

United StatesUnited StatesRemotesenior
EngineeringSecurity Engineer
0 views0 saves0 applied

Quick Summary

Overview

Our Mission Healthcare should work for patients, but it doesn’t. In their time of need, they call down outdated insurance directories. Then wait on hold. Then wait weeks for the privilege of a visit.

Technical Tools
EngineeringSecurity Engineer

Healthcare should work for patients, but it doesn’t. In their time of need, they call down outdated insurance directories. Then wait on hold. Then wait weeks for the privilege of a visit. Then wait in a room solely designed for waiting. Then wait for a surprise bill. In any other consumer industry, the companies delivering such a poor customer experience would not survive. But in healthcare, patients lack market power. Which means they are expected to accept the unacceptable.

 

Zocdoc’s mission is to give power to the patient. To do that, we’ve built the leading healthcare marketplace that makes it easy to find and book in-person or virtual care in all 50 states, across +200 specialties and +12k insurance plans. By giving patients the ability to see and choose, we give them power. In doing so, we can make healthcare work like every other consumer sector, where businesses compete for customers, not the other way around. In time, this will drive quality up and prices down. 

 

We’re 18 years old and the leader in our space, but we are still just getting started. If you like solving important, complex problems alongside deeply thoughtful, driven, and collaborative teammates, read on.

 

Zocdoc’s most important asset is our people and our platform. As a Senior Staff Engineer, Vulnerability Management, you’ll play a meaningful role in strengthening both by architecting and scaling our next-generation vulnerability detection and remediation ecosystem across Compliance, Security, and Engineering. In this role, you’ll help move our security posture from reactive firefighting to predictive, continuous risk reduction through intelligent automation, deeper full-stack visibility, and faster remediation across infrastructure, containers, and application code.

  • Personally motivated by building secure, scalable systems that reduce real-world risk at scale.
  • Autonomous, urgent, and creative, and you love turning noisy security findings into actionable engineering outcomes.
  • Highly collaborative and energized by working across Security, Compliance, Engineering, and DevOps teams.
  • Passionate about offensive security, adversarial validation, and understanding how theoretical vulnerabilities translate into operational exposure.
  • A systems thinker who can connect infrastructure, application security, compliance, and automation into one cohesive program.
  • The kind of person who enjoys pairing deep technical judgment with practical execution and measurable impact.
  • Serious about your work, but not about yourself.
  • Owning the technical roadmap for an automated, AI-driven vulnerability scanning platform across cloud infrastructure, container registries, operating systems, and application-layer software.
  • Building context-engine models that correlate findings from SAST, DAST, SCA, and cloud posture tooling to determine true runtime exploitability.
  • Implementing AI-assisted triage workflows that classify vulnerabilities, reduce false positives, and route validated issues to the right engineering teams.
  • Leading targeted red teaming and collaborative purple teaming exercises to validate exploitable paths and strengthen runtime defenses.
  • Partnering directly with Software Engineering and DevOps to build automated remediation pipelines, including dependency update pull requests and base-image patching workflows.
  • Engineering security scanning guardrails into CI/CD pipelines and providing structured telemetry to support continuous compliance and executive risk visibility.
  • Working with cutting-edge GenAI tools and technology to analyze findings, improve prioritization, and accelerate remediation workflows.
  • Meaningful experience in security engineering, vulnerability management, or software development, with at least 8 years focused on infrastructure, container platforms, and product security.
  • A proven track record of writing production-grade automation scripts and building custom security tooling at scale.
  • Hands-on experience planning or executing offensive security exercises, red teaming, purple teaming, or penetration testing.
  • Deep experience securing cloud infrastructure and containerized ecosystems using platforms such as AWS, GCP, or Azure, along with Docker and Kubernetes.
  • Advanced proficiency in Python, Go, or Rust to build automation, integrate scanner APIs, and orchestrate automated patching workflows.
  • Strong familiarity with adversarial frameworks, vulnerability scoring systems such as CVSS and EPSS, and common application and infrastructure attack vectors including the OWASP Top 10.
  • Experience integrating security scanners into CI/CD workflows and using AI or LLM APIs to analyze code or log data for rapid prioritization.
  • Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
  • Advanced security certifications such as OSCE, OSCP, GXPN, CISSP, or equivalent practical engineering experience are highly valued.

What We Offer

~2 min read
Flexible work environment
Unlimited Vacation
100% paid employee health benefit options (including medical, dental, and vision)
401(k) with employer funded match
Corporate wellness programs with Headspace and Peloton
Sabbatical leave (for employees with 5+ years of service)
Competitive paid parental leave and fertility/family planning reimbursement
Cell phone reimbursement
Employee Resource Groups and ZocClubs to promote shared community and belonging
Great Place to Work Certified

Location & Eligibility

Where is the job
United States
Remote within one country
Who can apply
US

Listing Details

Posted
July 14, 2026
First seen
July 14, 2026
Last seen
July 15, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
87%
Scored at
July 14, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Zocdoc
Zocdoc
greenhouse

Zocdoc is an online medical care scheduling service that allows people to find and book in-person or telemedicine appointments for medical or dental care. It also functions as a physician and dentist rating and comparison database.

Employees
750
Founded
2007
View company profile
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

ZocdocSenior Staff Security Engineer, Vulnerability ManagementUSD 200000-290000