[Hiring] Principal Vulnerability Management Engineer @Zscaler
Principal Vulnerability Management Engineer @Zscaler
All Others
Salary unspecified
Remote Location
Employment Type full-time
Posted Today

Today - Zscaler is hiring a remote Principal Vulnerability Management Engineer. 💸 Salary: unspecified 📍 Location: India

Role Description

We are looking for a Principal Engineer, Vulnerability & Exposure Management to help modernize how we discover, prioritize, and reduce security exposure across infrastructure, cloud, applications, APIs, endpoints, containers, and internet-facing assets. This is a remote role based in India, reporting to the Senior Manager, Information Security Engineering.

This is an individual contributor role for someone who can operate strategically and technically: define the operating model, build scalable workflows, influence engineering teams, and go deep into findings, coverage gaps, scanner limitations, and remediation paths. We are looking for someone who can improve the system itself, not just run scans, export reports, and follow up on tickets.

What you’ll do (Role Expectations)

  • Lead comprehensive vulnerability and exposure management initiatives across infrastructure, cloud, APIs, and containers, evolving the function from a traditional reporting role into a high-leverage product security engineering capability.
  • Define advanced, risk-based prioritization models that integrate threat intelligence and business context, drastically reducing noise and duplicate findings for engineering teams.
  • Design and deploy automated data pipelines, scripting, and workflow orchestration to streamline the entire lifecycle of asset discovery, authenticated scanning, triage, routing, and validation.
  • Drive external attack surface management (EASM) to map internet-facing assets while identifying program gaps, including unauthenticated scans, stale asset ownership, and untracked exceptions.
  • Collaborate directly with DevOps, IT, and Engineering teams to translate complex vulnerability data into practical technical guidance, durable infrastructure improvements, and leadership-ready performance metrics.

Qualifications

  • 12+ years of experience in security engineering or product security, including 7+ years of hands-on experience driving and scaling vulnerability and exposure management programs within complex environments.
  • Deep understanding of scanner mechanics (including authenticated/unauthenticated scanning, coverage gaps, and asset correlation) paired with proficiency in platforms like Tenable, Qualys, Wiz, CrowdStrike, or Burp Suite.
  • Practical experience implementing risk-based frameworks that leverage modern exploitability signals, threat intelligence, KEV, EPSS, and asset criticality to prioritize threats effectively.
  • Hands-on automation capabilities using Python, PowerShell, APIs, data pipelines, or workflow orchestration platforms to eliminate manual operational overhead.
  • Proven ability to partner collaboratively with engineering teams to drive remediation and translate complex technical data into clear insights for senior leadership.

Requirements

  • Extensive experience securing multi-cloud environments (AWS, Azure, GCP) and containerized architecture (Kubernetes), including image scanning, runtime security, and embedding security guardrails into CI/CD and DevSecOps pipelines.
  • Proven track record in advanced vulnerability prioritization strategies (EASM, CTEM, and attack-path analysis) paired with the ability to integrate vulnerability data seamlessly into CMDBs, asset inventories, and ownership tracking systems.
  • Deep familiarity with orchestration and ticketing platforms (Avalor, Nucleus, Tines, Jira, ServiceNow) to build AI-assisted, self-service triage, remediation, and reporting workflows that drive operational efficiency for engineering teams.

Benefits

  • Various health plans
  • Time off plans for vacation and sick time
  • Parental leave options
  • Retirement options
  • Education reimbursement
  • In-office perks, and more!

Before You Apply

Be aware of the location restriction for this remote position: India