Staff Security Engineer - Vulnerability Management

Nscale is a GPU cloud engineered for AI, providing high-performance infrastructure for AI-focused companies. They are seeking a Senior Staff Engineer - Vulnerability Management to build an engineering-led exposure management program that connects vulnerability data to ownership and remediation paths, driving accountability and risk reduction across teams.

Responsibilities:

• Own vulnerability management strategy across endpoints, servers, cloud, container platforms, SaaS, internet-facing assets, and production systems
• Build an exposure management program that connects findings to ownership, prioritization, remediation, and risk outcomes
• Define telemetry requirements that support detection, incident response, audit, compliance, customer assurance, and executive reporting
• Establish asset ownership and exposure context, including business criticality, internet exposure, privileged access paths, data sensitivity, exploitability, compensating controls, and remediation owner
• Develop risk-based prioritization models using severity, exploitability, asset value, threat intelligence, exposure path, and operational impact
• Identify the most material exposures based on exploitability, business impact, internet exposure, privilege path, and remediation feasibility
• Drive remediation workflows with infrastructure, platform, IT, endpoint, application, and service-owner teams
• Create patch and configuration remediation proof loops that show finding, owner, fix path, validation, evidence, and closure
• Implement deployment readiness gates and post-remediation validation to ensure fixes are complete and durable
• Establish exception governance with defined owner, risk, compensating controls, expiry, evidence, and review cadence
• Build a current-state exposure map covering critical assets, telemetry sources, owners, remediation paths, exception records, and gaps
• Partner with Security Data to define exposure-driven detections and source-health reporting
• Create leadership-ready dashboards showing coverage, critical exposure burn-down, overdue remediation, exception age, and owner accountability
• Define a triage model that separates urgent action, planned remediation, accepted exception, and false positive
• Critical exposure burn-down
• Overdue remediation
• Exception age
• Owner coverage

Requirements:

• 8+ years in vulnerability management, exposure management, infrastructure security, cloud security, security engineering, or related engineering roles
• Deep hands-on experience turning vulnerability, asset, configuration, and exposure data into risk-based remediation programs
• Strong understanding of operating systems, cloud platforms, container platforms, network exposure, application dependencies, endpoint posture, and production operations
• Experience building remediation workflows with engineering, IT, infrastructure, application, and service-owner teams
• Experience with exploitability analysis, threat intelligence enrichment, patch prioritization, exception governance, and remediation validation
• Strong automation, data analysis, scripting, or workflow engineering skills
• Ability to influence technical teams through clear risk reasoning, practical remediation paths, and measurable outcomes
• Experience with cloud posture, container posture, external attack surface management, runtime security, or attack-path analysis is valued
• Experience with AI infrastructure, GPU clusters, sovereign cloud, multi-tenant platforms, bare metal, HPC, or hyperscale environments is a plus
• Experience producing customer-facing security evidence, control narratives, or audit artifacts is a plus