← All verified jobs

Cybersecurity Engineer - Vulnerability Management

jane street New York, New York, United States

See all open roles at jane street

Ghost-risk verdict

Likely real

  • 215 open roles at this company in 30 days (mass-hiring blitz)
  • no salary disclosed (correlates with ghost postings)

How we score ghost risk →

See your fit for this role and apply with a truthfully tailored résumé.

See my fit, free

About the role

About the Position

We're looking for a Cybersecurity Engineer to help us mature our vulnerability management program. You'll join our Cybersecurity team, a skilled group of programmers and security experts dedicated to keeping the firm safe.

Vulnerability management is the focus of this role, but it doesn't tell the whole story—we want a well-rounded engineer whose knowledge spans the different facets of cybersecurity, because that broader perspective is what lets you reason well about real risk and where to spend effort.

Vulnerability management is a well-established part of how we keep the firm safe, and as we grow, we're continuing to invest in it, with a particular focus on automation and on scaling the program to keep pace with an expanding environment.

This is a hands-on, build-heavy role. We want someone with a strong technical foundation who isn't afraid to build something themselves, who has good judgment about what actually matters, and who can explain the "why" behind a risk and its mitigation. Manual triage doesn't scale at our size, so you'll lean on automation, including AI tooling paired with good judgment, knowing where it helps and when we need a human in the loop.

Your work will also include

Supporting and improving the vulnerability management lifecycle end to end, from discovery and validation through triage, assignment, remediation tracking, and verification

Reviewing new findings from automated scanning tools, threat intel, and security advisories, then prioritizing based on real exploitability and exposure rather than severity score alone, so we act on what genuinely matters

Validating and deduplicating findings across sources, confirming whether an affected product or component is actually present, and routing work to the team that owns the fix

Measuring scanning coverage and data quality and knowing what isn't being scanned, where scans are stale, and where authentication is failing, rather than assuming coverage is complete

Driving automation across vulnerability management tooling and processes

Broadening scanning coverage across asset classes, including evaluating and migrating scanning platforms as needed

Bringing software inventory and SBOM data into the picture so we can answer where a vulnerable component is used across our software, not just what's running on a given host

Building dashboards and metrics that measure coverage, SLAs, and progress

About You

You automate rather than do things by hand, keep your code and configs in version control by default, work comfortably under code review, and care about leaving things maintainable

You’re comfortable working with data, querying and shaping it, and building and debugging the data pipelines and integrations that stitch messy, inconsistent inputs into something dependable

You have hands-on vulnerability management experience in a substantial environment, including experience with an automated scanning platform such as Rapid7, Tenable, or Qualys, and an understanding of how scanning, asset inventory, and remediation tracking fit together

You’re a measured responder who reasons about trade-offs and context, understands threat modeling, and knows not every finding deserves the same urgency

You follow cybersecurity developments and can tell the difference between an interesting hack and what matters day-to-day

You understand and practice good personal cybersecurity hygiene, and can talk to others about it

You’re a clear communicator across audiences, who writes things down so others can follow

You have a positive and collaborative attitude; You understand that a key component of cybersecurity is bringing others along with you on the journey

If you're a recruiting agency and want to partner with us, please reach out to agency-partnerships@janestreet.com

Stop applying to ghosts.

OyaPilot surfaces only verified, real jobs, scores your fit, and tailors your application truthfully.