Vulnerability Operations Engineer

Lancesoft

New York, NY

JOB DETAILS
SALARY
$1
SKILLS
Application Programming Interface (API), Artificial Intelligence (AI), Automation, Cloud Computing, Communication Skills, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Cost Control, Data Modeling, Data Quality, Documentation, Enterprise Protection, Establish Priorities, Injections, Internet Security, Machine Tool, Metrics, Model Validation, Production Systems, Prototyping, Python Programming/Scripting Language, REST (Representational State Transfer), Reliability Engineering, Reporting Dashboards, Risk, Security Infrastructure, Splunk, Structured Data
LOCATION
New York, NY
POSTED
10 days ago
Description: Hearst Technology s Cybersecurity Organization is seeking a Vulnerability Operations Engineer. This role will own the engineering layer of our vulnerability management operations: the integrations, pipelines, dashboards, and AI-assisted workflows that turn raw tool output into actionable, business-unit-specific insight. This role exists to relieve operational concentration risk on the vulnerability management function and to deliver visible AI-driven productivity gains across the security program. This is a hybrid on-site position, with a requirement to be in a Hearst office three times per week.
What You Will Own
Integration and automation across the security tooling stack, including data normalization, deduplication, and enrichment pipelines.
AI-assisted reporting pipelines that transform tool output into business-unit-specific narratives for monthly metric reviews, replacing manual report assembly.
LLM-integrated workflows for alert triage, vulnerability summarization, remediation guidance generation, and finding prioritization.
Evaluation, prototyping, and operationalization of emerging AI security tools including agentic testing platforms and AI-driven offensive security tooling with clear, evidence-based recommendations on what to adopt.
Ownership of the technical infrastructure behind monthly business unit metric reviews dashboards, data quality, and the pipeline from tool to executive-ready output.
Partnership with the vulnerability management lead to encode operational knowledge into automation, reducing single-person dependency on the function.
Contributing to the AI governance posture for security operations documenting prompts, model selection, validation approaches, and human-in-the-loop checkpoints.
Required Qualifications
5+ years in a security engineering, detection engineering, SOAR, or security automation role with significant production coding responsibility.
Strong Python skills, with demonstrated experience building integrations against REST APIs, working with structured data at scale, and shipping code to production.
Hands-on experience with at least two of: Tenable, CrowdStrike, Wiz, Qualys, Rapid7, Splunk, or equivalent enterprise security platforms.
Practical experience integrating LLMs into production workflows direct API usage (Anthropic, OpenAI, or equivalent), prompt engineering for production reliability, and an understanding of failure modes including hallucination, prompt injection, and cost management.
Comfortable working in CI/CD, infrastructure-as-code, and modern cloud environments.
Clear written communication capable of producing internal documentation, runbooks, and executive-ready summaries.
Preferred Qualifications
Experience with agent frameworks (LangChain, LlamaIndex, or equivalent) and with retrieval-augmented generation patterns applied to security data.
Background in SOAR development (Tines, Torq, Cortex XSOAR, Splunk SOAR) or detection-as-code workflows.
Familiarity with the security tooling vendor landscape and ability to make pragmatic build-vs-buy recommendations.
Prior work in a multi-tenant or multi-business-unit environment where data isolation and per-tenant reporting matter.
Exposure to AI security risks prompt injection, model abuse, data leakage and approaches to mitigating them in production systems.

Custom Fields:
Name: Worker Download Status
Value: None

About the Company

L

Lancesoft

We are a $125 Million, NMSDC-certified Minority & Woman owned Workforce Solutions Company headquartered in the DC metro area with presence across US with global presence - Canada, Mexico, India, UK, Malaysia, Indonasia, Hongkong, Singapore, UAE. We are specialized in providing Workforce Solutions, SOW project delivery, Engineering Solutions, Creative Services. We currently support 100+ Fortune companies globally and across multiple industry segments. We are currently supporting several massive programs across industry segment nationally/globally (Intel, Ally, AMD, QUALCOMM, Morgan Stanley, Kraft/ Mondelez, MNP, Amdocs, Dell, SanDisk, Medtronic, Becton Dickinson, GE, Lockheed Martin, UTC, L-3 Communications, Caterpillar, BMW, Mercedes Benz, National Grid, Dominion, Energy Future Holdings, PSEG, 3M, Fidelity, Aetna, Humana, Johnson & Johnson, Pfizer, Merck etc). 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, identity, national origin, disability, or protected veteran status.

COMPANY SIZE
2,000 to 2,499 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
2000
WEBSITE
http://www.lancesoft.com/