Senior Security Engineer – Vulnerability Management & Penetration Testing

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.    Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our  company values . Role Overview   We are looking for a Senior Security Engineer  to drive  vulnerability management and penetration testing  across applications and infrastructure.   This role is focused on  hands-on identification, validation, and remediation of security issues , with an emphasis on building scalable processes and improving overall security posture.     Key Responsibilities   Own and operate the  vulnerability management lifecycle , including:    Continuous scanning (applications, infrastructure, dependencies)    Risk-based prioritization    Tracking and driving remediation    Perform  penetration testing  on web applications, APIs, and cloud environments.    Validate and triage vulnerabilities to eliminate false positives and ensure actionable findings.    Partner with engineering teams to  fix vulnerabilities and prevent recurrence .    Implement and manage tools for:    SAST, DAST, and dependency scanning    Infrastructure and container scanning    Develop  repeatable testing methodologies and automation .    Conduct  adversarial testing and exploit validation  to simulate real-world attack scenarios.    Track metrics and report on  risk posture and remediation progress .    Contribute to improving  secure development practices  based on findings.      Required Qualifications   5–9+ years of experience in  security engineering, vulnerability management, or penetration testing .    Hands-on experience with:    Web and API security testing    Common vulnerabilities (OWASP Top 10, misconfigurations, auth flaws)    Strong understanding of  attack techniques and exploitation methods .    Experience with  security scanning tools and frameworks .    Ability to  analyze and validate vulnerabilities in real-world systems .    Familiarity with  cloud environments (Azure preferred) .      Preferred Qualifications   Experience with  automating security testing in CI/CD pipelines .    Familiarity with  container and Kubernetes security .    Experience with  bug bounty or red teaming .    Relevant certifications (e.g., OSCP, CEH, GWAPT).      What We’re Looking For   Strong  hands-on tester and problem solver .    Ability to go beyond tools and  think like an attacker .    Focus on  impact-driven security , not just findings.