Vulnerability Engineer I

USA-Remote, United States

Hagerty

With insurance for classic cars, boats, motorcycles, and more, Hagerty was built to protect your collectibles as if they were our own. Join today!


As an entry-level Vulnerability Engineer I, you will be responsible for assisting in identifying, assessing, and providing mitigations on security vulnerabilities within our systems and applications. You will work closely with other security professionals, developers, and IT teams to help ensure the integrity and security of our applications and infrastructure. In this role, you will focus on application security, vulnerability management, and proactive security measures for web applications, APIs, and other software platforms. This is an excellent opportunity for a motivated, detail-oriented individual who is eager to learn and grow in the cybersecurity field.

Ready to get in the driver’s seat? Join us!

What you’ll do

Identify, assess, and manage vulnerabilities by:

  • Conducting regular scans using tools (e.g., Rapid7 IVM, Orca, Snyk, StackHawk) to identify weaknesses in systems, applications, and networks, and interpreting scan results to identify and validate vulnerabilities to be ingested into the vulnerability management process.
  • Analyzing vulnerabilities based on context, such as asset criticality, exposure, exploitability and overall risk impact to classify them by severity (e.g., critical, high, medium, low).
  • Documenting vulnerability findings and remediation efforts in tracking systems (e.g., Azure DevOps, ServiceNow).
  • Preparing and maintaining vulnerability management reports for leadership and other stakeholders.
  • Researching and providing recommendations for remediation or mitigation strategies.
  • Assisting with the patch management process by identifying missing patches or outdated software versions.
  • Coordinating with teams to deploy security patches, software/firmware updates, and code changes.
  • Assessing the risk of vulnerabilities in the context of business operations and assisting in the prioritization of remediation efforts.
  • Staying up to date with the latest cybersecurity threats, vulnerabilities, and patching trends.
  • Overseeing and coordinating penetration testing efforts to identify and address security vulnerabilities in systems, applications, and networks.
  • Validating and triaging submissions via the bug bounty program or other team communication tools, ensuring valid vulnerabilities are ingested into the vulnerability management process.
  • Participating in internal audits, vulnerability assessments, and security best practice reviews.
  • Implementing and managing continuous control testing to ensure ongoing compliance with security policies and standards.

Own and Support the Team’s Tools, Processes, and Procedures by:

  • Developing a working understanding of your team’s products – its purpose and its capabilities.
  • Understanding how your assigned tasks relate to the goals your team is working to deliver.
  • Actively practicing troubleshooting and participating in the on-call support rotation for the team’s production services.
  • Comprehending and monitoring the program’s key operational metrics and understanding how your work relates to them.

Improve Your Skills as an Engineer by:

  • Carefully researching and deliberately practicing the tools used throughout the vulnerability management lifecycle, including vulnerability scanning tools, patch management systems, and security information and event management (SIEM) tools.
  • Learning to recognize vulnerability complexity and methods for simplifying remediation efforts.
  • Learning and applying practices such as risk assessment and mitigation strategies with a special focus on the concepts of asset criticality and exploitability.
  • Introspecting on, and seeking feedback on, your current communication and behavioral patterns and actively and continually working to improve them.

Contribute to and Engage in a Collaborative Environment by:

  • Being an active participant in all team activities: team ceremonies, banter, troubleshooting, design discussions, work breakdowns, etc.
  • Asking for explanations on concepts, vulnerabilities, and discussions you don’t understand. This is one of the most powerful things a level one engineer can do.
  • Asking for help in a timely manner. Balance researching on your own to ask good questions against waiting too long and potentially hurting your team’s chances of completing their work on time.
  • Actively listening.

This Might Describe You:

  • Completed some professional training (e.g., college, bootcamps) in cybersecurity or a related field.
  • Comfortable working and engaging with a wide range of engineering teams across the organization.
  • Eager to deeply learn, both independently and with help, our technologies and patterns such as:
    • Vulnerability Scanning Tools: Rapid7 IVM, Orca, Snyk, StackHawk, etc.
    • Security Protocols: SAML, OAuth 2, OIDC, LDAP, Kerberos, HTTP/S
    • Threat Intelligence: Understanding and integrating threat intelligence feeds to identify emerging vulnerabilities.
    • Penetration Testing: Assisting in planning and executing penetration tests and analyzing results.
    • Security Controls: Validating and implementing security controls to mitigate identified vulnerabilities.
    • Secure Coding Practices: Promoting and implementing secure coding practices to address application vulnerabilities.
  • Able to clearly communicate your thoughts and actively listen to and integrate the thoughts and comments of others.

Other things to note 

  • This role can be worked from any U.S. remote location. 
  • Familiarity with public company requirements, including Sarbanes Oxley and key regulations, if applicable. For SOX compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations. Including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable. 

Say hello to Hagerty 

Hagerty is an automotive enthusiast brand and the world’s largest membership organization. Along with being a best-in-class provider of specialty insurance for enthusiasts, Hagerty is also home to the Hagerty Drivers Foundation, Garage + Social, Hagerty Drivers Club, Marketplace and so much more. Committed to saving driving for future generations, each and every thing Hagerty does is dedicated to the love of the automobile. 

Hagerty is a rapidly growing company that values a winning culture. We provide meaningful work for and invest in every single team member. 

At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age, or car preference.  We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world. 

If you reside in the following jurisdictions: California, Colorado, District of Columbia, Hawaii, Illinois, Maryland, Minnesota, Nevada, New York, New Jersey, Ohio, Rhode Island, Vermont, Washington, or Canada, please email recruiting@hagerty.com for compensation, comprehensive benefits and the perks that set us apart.

EEO/AA 

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Tags: APIs Application security Audits Azure Compliance DevOps Kerberos LDAP Monitoring Pentesting Risk assessment SAML SIEM SOX Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Startup environment

Regions: Remote/Anywhere North America
Country: United States
