Senior Security Engineer

​​​This position is part of the Fullsteam InfoSec Team which is directly responsible for working with Business Units and Fullsteam Corporate on security initiatives and response.​​ 

​​At Fullsteam, we're committed to protecting our digital assets and delivering the highest standard of security across our business. As we continue to scale our security programs, we're looking for a passionate security professional to join our Proactive Security team. 

​We're a small, high-ownership team tackling vulnerability and risk exposure across a broad surface; infrastructure, applications, software, AI systems, and external attack surface. This isn't a ticket queue role; you'll have real ownership across the full vulnerability lifecycle, contribute to automation and tooling, and work directly alongside security leadership. If you thrive in a fast-paced environment and want to help shape a growing VM program, we want to hear from you.​ 

Primary Responsibilities: 

• ​​Contribute to and help mature our vulnerability management program, ensuring identified risks are remediated according to SLAs across the enterprise and business units 

• ​Identify and report known vulnerabilities across infrastructure (cloud and on-prem), applications, software, AI systems, and external attack surface 

• ​Monitor external attack surface exposures and contribute to remediation prioritization 

• ​Produce vulnerability metrics, trending reports, and risk summaries for security leadership and business unit stakeholders 

• ​Support alignment of the VM program with industry regulations and standards (PCI-DSS, SOC2, NIST CSF, ISO 27001) 

• ​Collaborate with Security, IT, and BU Engineering teams to drive effective and measurable vulnerability and risk exposure outcomes 

• ​Contribute to risk management and governance functions (e.g., risk register, key metrics, vulnerability reports) 

• ​Develop and contribute to AI-assisted HITL (Human in the Loop) automation and workflows for Proactive Security initiatives 

• ​Collaborate with and learn alongside other Proactive Security team members​ 

Skills & Competencies: 

• ​​8+ years of Information Technology / Security experience with 2-4+ years of hands-on experience in vulnerability management, attack surface management, or related security functions 

• ​Working knowledge of security tools such as Wiz, Snyk, Qualys, Nessus, MS Defender, or similar platforms 

• ​Experience with vulnerability prioritization frameworks (CVSS, EPSS, risk-based scoring) 

• ​Experience with application security testing concepts and tools (SAST, DAST, IAST, Burp Suite, Postman, GitHub, etc.) 

• ​Basic scripting or programming experience in any language, or a strong desire to develop this skill 

• ​Ability to produce clear, actionable security reporting for both technical and non-technical audiences 

• ​Hands-on experience with AI-assisted security workflows (prompt engineering, agent development, MCP tooling) 

• ​Experience developing or contributing to process documentation 

• ​Ability to work independently in a fully remote environment while managing multiple concurrent priorities 

• ​Experience working in a multi-business-unit or enterprise environment 

• ​Genuine curiosity and desire to grow​ 

Minimum Qualifications: 

• ​​​CISSP or equivalent certification (GIAC, CISM, CRISC) 

• ​Bachelor’s degree in cybersecurity or equivalent work experience 

• ​Hands-on Defensive or Offensive security training or work experience 

• ​Project management knowledge, training and/or certifications