Listing Description

About The Role

Pagoda’s growing security team is looking for a Senior Security Engineer to join our team and lead the establishment of a robust Vulnerability Management program. This position will be primarily responsible for designing, implementing and maintaining the vulnerability management program.  With experience across information security, with a proven track record of implementing security programs in complex environments you will be a valuable member of the team.

What You'll Be Doing

• Design, implement, and maintain a comprehensive vulnerability management program across the organization


• Develop & maintain vulnerability management services, including vulnerability scanning, vulnerability assessments, and tracking support for vulnerability remediation


• Build and maintain policies, standard procedures and guidelines for vulnerability management


• Conduct regular vulnerability scans, analyze results, and prioritize remediation efforts based on risk and impact


• Prioritize remediation tasks based on risk level, assign them to the relevant system owner, and monitor progress until completion


• Apply root cause analysis to identify and assess problems and key drivers of success, draw potential conclusions from complex data sets


• Stay up-to-date with emerging threats and vulnerabilities and adjust the vulnerability management program as needed to address new risks


• Generate ad hoc metrics and reports as requested, providing insight into the vulnerability management program's effectiveness


• Stay aware of current business and industry trends relevant to the business and cybersecurity


• Develop and document processes and procedures for team members to use and to enhance efficiencies


• Provide subject matter expertise and guidance to stakeholders across the organization on vulnerability management best practices

What We're Looking For

• Bachelor’s Degree or industry equivalent work experience in vulnerability management 


• Experience in establishing and implementing a successful vulnerability management program 


• Solid experience in information security with a focus on vulnerability management


• Strong technical knowledge of vulnerability scanning tools, vulnerability assessment methodologies, and industry-standard security frameworks (eg. NIST, CIS)


• Understanding of vulnerability management processes and lifecycle


• Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions


• Strong analytical and problem-solving skills, ability to prioritize and manage multiple tasks and projects  


• Ability to examine issues both strategically and analytically


• Strong communication skills and ability to work with cross-functional and remote teams


• Ability to contribute to other Information security tasks and duties as required

We'd Love If You Have

• A passion for security and Web3


• Experience in a start-up environment


• Professional certifications such as CISSP, CISM, or SANS GIAC 


• Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)

Here’s What Our Interview Process Looks Like

Depending on calendar availability, from the first stage to the final stage, we do our best to keep the entire process to under three weeks. Our interviews take place via Zoom and typically consists of the following stages:

• Internal Recruiter Call (30 to 45 minutes)


• Meet with the Hiring Manager (30-60 minutes)


• Technical Interviews (2 x 60 minutes)


• Pagoda Values Interview (30 to 45 minutes)

Please let us know if you require any special requirements for your interview and we’ll do our best to accommodate.

Ideal Location For This Role

This is a fully remote role, so that your timezone matches or overlaps with our leadership for this role, you’ll ideally be located in North America.