Senior Security Engineer, Vulnerability Management

CLEAR is building THE secure identity company of the future. Our mission is to make experiences safer and easier—physically and digitally. With more than 38 million Members and a growing network of partners across the world, CLEAR's secure identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or throughout your everyday life, CLEAR unlocks the magic of frictionless experiences.

As a Senior Security Engineer, Vulnerability Management on our Product Security team you’ll help run and evolve CLEAR’s vulnerability management program across cloud, infrastructure, endpoints, and applications. You’ll operate the tools that surface risk (like Wiz, Tenable, and Github), turn findings into clear, actionable work, and partner with engineering teams to drive down real-world risk. Not just tickets.

What you’ll do:

• Monitor and triage findings from Wiz, Tenable, GHAS, and other scanners, ensuring issues are routed to the right owners with the right context and priority.

• Manage on our centralized VM platform that aggregates findings across Wiz, Tenable, GHAS, and other sources and ensure consistent normalization, deduplication, and ownership mapping (e.g., by AWS tags, teams, or services) so we have a single, trustworthy view of risk.

• Manage CLEAR’s risk scoring and SLA models (High/Critical, “Most Wanted” assets, ETC) within the VM platform and make sure we are tracking overdue findings, SLA adherence, backlog trends, and top risky assets/teams

• Work directly with code, cloud, and endpoint teams to clarify findings, group related issues, and translate scanner output into concrete remediation plans that fit their roadmaps.

• Partner with engineering to get fixes shipped Participate in regular triage / review sessions, help prioritize backlog items, and follow through to ensure high‑risk issues are validated and closed in the source tools (not just Jira).

• Contribute to VM process and tool improvements with enhancements to connectors, data quality checks, scorecards, runbooks, and how‑to guides so vulnerability management processes are repeatable and easy to onboard to.

How you’ll measure success:

• Cleaner, more accurate vulnerability data with fewer duplicates and orphaned tickets; consistent mapping between scanner findings, Jira issues, and asset/ownership data across Wiz, Tenable, and other tools.

• Improved remediation outcomes with a reduction in High/Critical vulnerabilities out of SLA, especially on top-risk assets and services, and visible burn‑down in dashboards and scorecards.

• Operational efficiency and predictability with less manual reconciliation across tools and spreadsheets; more of the VM workflow (triage, routing, validation, reporting) running through standard playbooks and automation.

• Trust in reporting as Security, Engineering, and Compliance stakeholders rely on VM dashboards as the single source of truth for vulnerability posture, SLAs, and exceptions.

What you’re great at:

• 6+ years of experience in security engineering, vulnerability management, or security operations, ideally in a cloud‑first or SaaS environment.

• Hands‑on experience working with at least one modern vulnerability or exposure management stack (e.g., Wiz, Tenable, Rapid7, GHAS, or similar).

• Understanding of end‑to‑end VM workflows: scanning, triage, risk scoring, ticketing, validation, and reporting.

• Working knowledge of modern cloud and infrastructure patterns (AWS preferred), including how services, hosts, containers, and repos map to real teams and products.

• Strong written and verbal communication skills; can explain vulnerabilities, risk tradeoffs, and SLAs to both deeply technical engineers and non‑technical stakeholders.

• Experience supporting regulated environments (e.g., FedRAMP, PCI, SOC2) and preparing vulnerability‑related evidence for audits.

How You'll be Rewarded:

At CLEAR, we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with talented team members motivated by our mission of making experiences safer and easier. Our offices are bright and energetic with an open concept and plenty of conference rooms and casual co-working spaces. We also offer catered lunches every day and have fully stocked kitchens. Outside of the office, we invest in your well-being and learning & development with stipends and reimbursement programs.

We offer holistic total rewards, including comprehensive healthcare plans, family-building benefits (fertility and adoption/surrogacy support), flexible time off, annual wellness stipend, free OneMedical memberships for you and your dependents, a CLEAR Plus membership, and a 401(k) retirement plan with employer match. The base salary range for this role is $175,000-$215,000, depending on levels of skills and experience.

The base salary range represents the low and high end of CLEAR’s salary range for this position. Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience and performance. The range listed is just one component of CLEAR’s total compensation package for employees and other rewards may include annual bonuses, commission, Restricted Stock Units

CLEAR provides reasonable accommodation to qualified individuals with disabilities or protected needs. Please let us know if you require a reasonable accommodation to apply for a job or perform your job. Examples of reasonable accommodation include, but are not limited to, time off, extra breaks, making a change to the application process or work procedures, policy exceptions, providing documents in an alternative format, live captioning or using a sign language interpreter, or using specialized equipment.

We are committed to a transparent and secure hiring process. All communications related to this role will come directly from a CLEAR employee through valid CLEAR channels (e.g., a valid @clearme.com email address or verified CLEAR LinkedIn profile). We encourage candidates to remain alert to job scams and to report any suspicious activity.

#LI-Onsite