Senior Security Engineer, Vulnerability Management

CLEAR is building THE secure identity company of the future. Our mission is to make experiences safer and easier—physically and digitally. With more than 38 million Members and a growing network of partners across the world, CLEAR's secure identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or throughout your everyday life, CLEAR unlocks the magic of frictionless experiences. As a Senior Security Engineer, Vulnerability Management on our Product Security team you’ll help run and evolve CLEAR’s vulnerability management program across cloud, infrastructure, endpoints, and applications. You’ll operate the tools that surface risk (like Wiz, Tenable, and Github), turn findings into clear, actionable work, and partner with engineering teams to drive down real-world risk. Not just tickets. What you’ll do: Monitor and triage findings from Wiz, Tenable, GHAS, and other scanners, ensuring issues are routed to the right owners with the right context and priority. Manage on our centralized VM platform that aggregates findings across Wiz, Tenable, GHAS, and other sources and ensure consistent normalization, deduplication, and ownership mapping (e.g., by AWS tags, teams, or services) so we have a single, trustworthy view of risk. Manage CLEAR’s risk scoring and SLA models (High/Critical, “Most Wanted” assets, ETC) within the VM platform and make sure we are tracking overdue findings, SLA adherence, backlog trends, and top risky assets/teams Work directly with code, cloud, and endpoint teams to clarify findings, group related issues, and translate scanner output into concrete remediation plans that fit their roadmaps. Partner with engineering to get fixes shipped Participate in regular triage / review sessions, help prioritize backlog items, and follow through to ensure high‑risk issues are validated and closed in the source tools (not just Jira). Contribute to VM process and tool improvements with enhancements to connectors, data quality checks, scorecards, runbooks, and how‑to guides so vulnerability management processes are repeatable and easy to onboard to. How you’ll measure success: Cleaner, more accurate vulnerability data with fewer duplicates and orphaned tickets; consistent mapping between scanner findings, Jira issues, and asset/ownership data across Wiz, Tenable, and other tools. Improved remediation outcomes with a reduction in High/Critical vulnerabilities out of SLA, especially on top-risk assets and services, and visible burn‑down in dashboards and scorecards. Operational efficiency and predictability with less manual reconciliation across tools and spreadsheets; more of the VM workflow (triage, routing, validation, reporting) running through standard playbooks and automation. Trust in reporting as Security, Engineering, and Compliance stakeholders rely on VM dashboards as the single source of truth for vulnerability posture, SLAs, and exceptions. What you’re great at: 6+ years of experience in security engineering, vulnerability management, or security operations, ideally in a cloud‑first or SaaS environment. Hands‑on experience working with at least one modern vulnerability or exposure management stack (e.g., Wiz, Tenable, Rapid7, GHAS, or similar). Understanding of end‑to‑end VM workflows: scanning, triage, risk scoring, ticketing, validation, and reporting. Working knowledge of modern cloud and infrastructure patterns (AWS preferred), including how services, hosts, containers, and repos map to real teams and products. Strong written and verbal communication skills; can explain vulnerabilities, risk tradeoffs, and SLAs to both deeply technical engineers and non‑technical stakeholders. Experience supporting regulated environments (e.g., FedRAMP, PCI, SOC2) and preparing vulnerability‑related evidence for audits. How You'll be Rewarded: At CLEAR, we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with t ... (truncated, view full listing at source)