Job
Description
Job Description Who We Are Sureifys mission is to modernize the life insurance and annuity industry by helping carriers acquire, service, and engage their customers through any distribution channel. Sureifys products empower life insurance carriers, agents, employees, and customers to have the digital experiences that employees and consumers have come to expect in the rapidly advancing tech climate. Your Role as a Valued Team Member We are seeking a detail-oriented and proactive Vulnerability Remediation Engineer to join our growing Infosec team. The person will be responsible for reducing the risk exposure of security vulnerabilities from the scope of Sureify overall. This role entails monitoring ongoing security vulnerabilities, analyzing risk posture, collaborating with stakeholders/finding owners for managing resolutions, and acting as an SME to assess discovered vulnerabilities. You will also provide pragmatic solutions and be flexible in supporting emergency vulnerability remediations. The ideal candidate will possess a strong understanding of security protocols, vulnerability management, system administration, and software development lifecycle, as well as excellent communication skills to collaborate with cross-functional teams. This role does require some overlap of hours with a team based in San Jose, California. Your Key Responsibilities Review and assess security vulnerabilities, patches, and findings from internal audits, security scans, and penetration tests. Prioritize vulnerabilities based on risk and impact, and ensure timely patching or remediation. Enforce patch compliance by tracking deployments, addressing exceptions, and ensuring adherence to vulnerability remediation Service Level Agreements (SLAs). Collaborate with security and IT teams to develop and implement security patches for critical vulnerabilities. Work closely with developers and DevOps teams to understand the root cause of security vulnerabilities and propose appropriate fixes. Assist development teams in the integration of security features and secure coding practices throughout the software development lifecycle (SDLC). Develop and maintain scripts for automated patch deployment across various systems and applications. Automate vulnerability patching workflows using scripting languages such as Python, PowerShell, Bash, etc. Collaborate with the development team to create and test patches, ensuring that they do not disrupt the functionality of applications or systems. Maintain detailed records of patches, and remediation actions. Prepare and present reports on patch management progress, risks, and status to senior management. Flexibly support emergency response for 0-day vulnerability remediation. Automating processes of security from time to time when needed. Identify potential improvement areas for vulnerability remediation and share lessons learned. Continuously monitor for emerging vulnerabilities and maintain an up-to-date patching schedule. Role Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience). Server administration experience (Windows/RHEL) with a solid understanding of industry best practices for Patch Management and Vulnerability Remediation. Experience in vulnerability management, security patching, or related security roles. Experience supporting vulnerability emergency response or security incidents, including coordinating with relevant stakeholders, implementing corrective/preventive actions, and guiding security patching of software or components. Strong knowledge of security vulnerabilities in software and infrastructure components (servers, clients, network devices, perimeter security technologies, protocols/services, middleware, databases, configurations, etc.). In-depth understanding of security processes related to vulnerability management, security patching, security configurations, and technical security validations. Strong understanding of common network protocols (TCP/IP, DNS, HTTP, HTTPS, SMTP, etc.) and how vulnerabilities in these protocols can affect system security. Strong experience in at least one scripting language such as Python, PowerShell, Bash, etc. Familiarity with cloud platforms (AWS) and their security models. Knowledge of Cloud & Vulnerability Security tools such as Qualys, SentinelOne, or Crowdstrike Good understanding of industry-standard regulations and risk management frameworks (e.g., ISO, SOC, HIPAA, GDPR, CCPA). Familiarity with security frameworks such as SANS Top 25, OWASP Top 10, and/or MITRE ATT&CK. Knowledge of secure coding practices and development environments. Familiarity with container security (Docker, Kubernetes) and securing microservices is a plus. Security certifications such as Security+, SSCP, CEH, or other equivalent recognized certifications are a plus. Excellent communication and interpersonal skills, with the ability to articulate complex technical vulnerabilities and remediation actions to both technical and non-technical stakeholders. Show more Show less
