Zocdoc Logo

Zocdoc

Senior Staff Software Engineer, Vulnerability Management

Posted An Hour Ago
Be an Early Applicant
Easy Apply
Remote or Hybrid
Hiring Remotely in USA
200K-290K Annually
Senior level
Easy Apply
Remote or Hybrid
Hiring Remotely in USA
200K-290K Annually
Senior level
Lead architecture and scaling of an automated, AI-driven vulnerability detection and remediation platform across cloud, containers, and applications. Correlate SAST/DAST/SCA findings, implement AI-assisted triage, run red/purple team validation, and build automated remediation pipelines integrated into CI/CD for continuous compliance and risk reduction.
The summary above was generated by AI

Our Mission

Healthcare should work for patients, but it doesn’t. In their time of need, they call down outdated insurance directories. Then wait on hold. Then wait weeks for the privilege of a visit. Then wait in a room solely designed for waiting. Then wait for a surprise bill. In any other consumer industry, the companies delivering such a poor customer experience would not survive. But in healthcare, patients lack market power. Which means they are expected to accept the unacceptable.


Zocdoc’s mission is to give power to the patient. To do that, we’ve built the leading healthcare marketplace that makes it easy to find and book in-person or virtual care in all 50 states, across +200 specialties and +12k insurance plans. By giving patients the ability to see and choose, we give them power. In doing so, we can make healthcare work like every other consumer sector, where businesses compete for customers, not the other way around. In time, this will drive quality up and prices down. 


We’re 18 years old and the leader in our space, but we are still just getting started. If you like solving important, complex problems alongside deeply thoughtful, driven, and collaborative teammates, read on.


Your Impact on our Mission

Zocdoc’s most important asset is our people and our platform. As a Senior Staff Engineer, Vulnerability Management, you’ll play a meaningful role in strengthening both by architecting and scaling our next-generation vulnerability detection and remediation ecosystem across Compliance, Security, and Engineering. In this role, you’ll help move our security posture from reactive firefighting to predictive, continuous risk reduction through intelligent automation, deeper full-stack visibility, and faster remediation across infrastructure, containers, and application code.

You’ll enjoy this role if you are…
  • Personally motivated by building secure, scalable systems that reduce real-world risk at scale.
  • Autonomous, urgent, and creative, and you love turning noisy security findings into actionable engineering outcomes.
  • Highly collaborative and energized by working across Security, Compliance, Engineering, and DevOps teams.
  • Passionate about offensive security, adversarial validation, and understanding how theoretical vulnerabilities translate into operational exposure.
  • A systems thinker who can connect infrastructure, application security, compliance, and automation into one cohesive program.
  • The kind of person who enjoys pairing deep technical judgment with practical execution and measurable impact.
  • Serious about your work, but not about yourself.
Your day to day is…
  • Owning the technical roadmap for an automated, AI-driven vulnerability scanning platform across cloud infrastructure, container registries, operating systems, and application-layer software.
  • Building context-engine models that correlate findings from SAST, DAST, SCA, and cloud posture tooling to determine true runtime exploitability.
  • Implementing AI-assisted triage workflows that classify vulnerabilities, reduce false positives, and route validated issues to the right engineering teams.
  • Leading targeted red teaming and collaborative purple teaming exercises to validate exploitable paths and strengthen runtime defenses.
  • Partnering directly with Software Engineering and DevOps to build automated remediation pipelines, including dependency update pull requests and base-image patching workflows.
  • Engineering security scanning guardrails into CI/CD pipelines and providing structured telemetry to support continuous compliance and executive risk visibility.
  • Working with cutting-edge GenAI tools and technology to analyze findings, improve prioritization, and accelerate remediation workflows.
You’ll be successful in this role if you have…
  • Meaningful experience in security engineering, vulnerability management, or software development, with at least 8 years focused on infrastructure, container platforms, and product security.
  • A proven track record of writing production-grade automation scripts and building custom security tooling at scale.
  • Hands-on experience planning or executing offensive security exercises, red teaming, purple teaming, or penetration testing.
  • Deep experience securing cloud infrastructure and containerized ecosystems using platforms such as AWS, GCP, or Azure, along with Docker and Kubernetes.
  • Advanced proficiency in Python, Go, or Rust to build automation, integrate scanner APIs, and orchestrate automated patching workflows.
  • Strong familiarity with adversarial frameworks, vulnerability scoring systems such as CVSS and EPSS, and common application and infrastructure attack vectors including the OWASP Top 10.
  • Experience integrating security scanners into CI/CD workflows and using AI or LLM APIs to analyze code or log data for rapid prioritization.
  • Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
  • Advanced security certifications such as OSCE, OSCP, GXPN, CISSP, or equivalent practical engineering experience are highly valued.

Benefits:

  • Flexible work environment
  • Unlimited Vacation
  • 100% paid employee health benefit options (including medical, dental, and vision)
  • 401(k) with employer funded match
  • Corporate wellness programs with Headspace and Peloton
  • Sabbatical leave (for employees with 5+ years of service)
  • Competitive paid parental leave and fertility/family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs to promote shared community and belonging
  • Great Place to Work Certified

Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity.

Remote Base Salary Range
$200,000$290,000 USD

About us
Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. Each month, millions of patients use our free service to find nearby, in-network providers, compare choices based on verified patient reviews, and instantly book in-person or video visits online. Providers participate in Zocdoc’s Marketplace to reach new patients to grow their practice, fill their last-minute openings, and deliver a better healthcare experience. Founded in 2007 with a mission to give power to the patient, our work each day in pursuit of that mission is guided by our six core values. Zocdoc is a private company backed by some of the world’s leading investors, and we believe we’re still only scratching the surface of what we plan to accomplish. 

Zocdoc is a mission-driven organization dedicated to building teams as diverse as the patients and providers we aim to serve. In the spirit of one of our core values - Together, Not Alone, we are a company that prides itself on being highly collaborative, and we believe that diverse perspectives, experiences and contributors make our community and our platform better.  We’re an equal opportunity employer committed to providing employees with a work environment free of discrimination and harassment. Applicants are considered for employment regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity, gender expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or any other class protected by applicable laws.
Job Applicant Privacy Notice


Similar Jobs at Zocdoc

An Hour Ago
Easy Apply
Remote or Hybrid
USA
Easy Apply
210K-270K Annually
Senior level
210K-270K Annually
Senior level
Healthtech • Information Technology • Software • Telehealth
Lead and grow a frontend platform team owning Zocdoc's accessible React component library and design system. Define roadmap and technical strategy, drive adoption across web and mobile, institutionalize accessibility and quality, mentor engineers, partner with UX/Product/Analytics, and deliver platform improvements that speed frontend and mobile development.
Top Skills: AndroidGenerative AiiOSJavaScriptReactTypescript
Yesterday
Easy Apply
Remote or Hybrid
USA
Easy Apply
100K-140K Annually
Mid level
100K-140K Annually
Mid level
Healthtech • Information Technology • Software • Telehealth
Partner with engineering, compliance, and security teams to embed application security into the SDLC: triage static/SCA alerts, advise on OWASP Top 10 remediation, maintain developer playbooks and training, track security metrics and evidence for audits, and help shape AI governance and GenAI-safe workflows.
Top Skills: AWSAzureGCPGenerative AiGitGoJavaJavaScriptOwasp Top 10PythonSoftware Composition Analysis ToolsStatic Analysis Tools
5 Days Ago
Easy Apply
Remote or Hybrid
Easy Apply
211K-285K Annually
Senior level
211K-285K Annually
Senior level
Healthtech • Information Technology • Software • Telehealth
As a Staff Software Engineer, you'll design and build backend services for Zocdoc's search platform, optimizing performance and scalability while integrating machine learning models into the infrastructure. You'll mentor engineers and drive architectural standards.
Top Skills: .NetAWSC#DynamoDBEcsKinesisLambdaOpensearchS3SnsSqs

What you need to know about the Colorado Tech Scene

With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.

Key Facts About Colorado Tech

  • Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
  • Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
  • Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
  • Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
  • Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account