About this role
Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.
Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values.
Role Overview
We are looking for a Senior Security Engineer to drive vulnerability management and penetration testing across applications and infrastructure.
This role is focused on hands-on identification, validation, and remediation of security issues, with an emphasis on building scalable processes and improving overall security posture.
Key Responsibilities
• Own and operate the vulnerability management lifecycle, including:
  • Continuous scanning (applications, infrastructure, dependencies)
  • Risk-based prioritization
  • Tracking and driving remediation
• Perform penetration testing on web applications, APIs, and cloud environments.
• Validate and triage vulnerabilities to eliminate false positives and ensure actionable findings.
• Partner with engineering teams to fix vulnerabilities and prevent recurrence.
• Implement and manage tools for:
  • SAST, DAST, and dependency scanning
  • Infrastructure and container scanning
• Develop repeatable testing methodologies and automation.
• Conduct adversarial testing and exploit validation to simulate real-world attack scenarios.
• Track metrics and report on risk posture and remediation progress.
• Contribute to improving secure development practices based on findings.
Required Qualifications
• 5–9+ years of experience in security engineering, vulnerability management, or penetration testing.
• Hands-on experience with:
  • Web and API security testing
  • Common vulnerabilities (OWASP Top 10, misconfigurations, auth flaws)
• Strong understanding of attack techniques and exploitation methods.
• Experience with security scanning tools and frameworks.
• Ability to analyze and validate vulnerabilities in real-world systems.
• Familiarity with cloud environments (Azure preferred).
Preferred Qualifications
• Experience with automating security testing in CI/CD pipelines.
• Familiarity with container and Kubernetes security.
• Experience with bug bounty or red teaming.
• Relevant certifications (e.g., OSCP, CEH, GWAPT).
What We’re Looking For
• Strong hands-on tester and problem solver.
• Ability to go beyond tools and think like an attacker.
• Focus on impact-driven security, not just findings.
Tech stack
Azure, Kubernetes