Current jobs related to Senior Security Engineer - London - CARFAX
-
Senior Manager, Product Security Engineering
3 weeks ago
London, Canada Affirm Full timeSenior Manager, Product Security Engineering (Platform Security) Join to apply for the Senior Manager, Product Security Engineering (Platform Security) role at Affirm . Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Security is...
-
Platform Security Engineering Leader
3 weeks ago
London, Canada Affirm Full timeA financial technology company is seeking a Senior Manager, Product Security Engineering to lead their Platform Security team. You will be responsible for embedding a strong security culture, managing cloud security for AWS and Azure, and driving DevSecOps practices across development workflows. The ideal candidate has extensive experience in cloud computing...
-
Platform Security Engineering Leader
5 minutes ago
London, Canada Affirm Full timeA financial technology company is seeking a Senior Manager, Product Security Engineering to lead their Platform Security team. You will be responsible for embedding a strong security culture, managing cloud security for AWS and Azure, and driving DevSecOps practices across development workflows. The ideal candidate has extensive experience in cloud computing...
-
Remote GCP Cloud Security Operations Engineer
6 minutes ago
London, Canada Pragmatike Full timeA leading AI technology firm is seeking a GCP Security Operations Engineer to enhance cloud security operations. This hands-on role requires experience with GCP security services, vulnerability management, and scripting skills in Python. The position offers unique career growth opportunities, including the chance to work with senior engineers and possibly...
-
Security Engineer
3 weeks ago
London, Canada lumalabs.ai Full timeA leading generative AI company in London, Ontario, is looking for a founding Security Engineer to define the security function and ensure the security posture of its products and services. The role demands extensive experience in security engineering, particularly with product/application security and compliance with standards like SOC 2 and ISO 27001....
-
Security Engineer
3 weeks ago
London, Canada lumalabs.ai Full timeA leading generative AI company in London, Ontario, is looking for a founding Security Engineer to define the security function and ensure the security posture of its products and services. The role demands extensive experience in security engineering, particularly with product/application security and compliance with standards like SOC 2 and ISO 27001....
-
Senior Backend Engineer
3 weeks ago
London, Canada lumalabs.ai Full timeA next-gen AI platform in London, Ontario, is seeking a versatile backend engineer to build its enterprise platform. This role is a unique opportunity for a founding engineer to architect key systems, including authentication layers and analytics dashboards. The ideal candidate will have extensive experience in Python, designing secure APIs, and thriving in...
-
Senior Backend Engineer
3 weeks ago
London, Canada lumalabs.ai Full timeA next-gen AI platform in London, Ontario, is seeking a versatile backend engineer to build its enterprise platform. This role is a unique opportunity for a founding engineer to architect key systems, including authentication layers and analytics dashboards. The ideal candidate will have extensive experience in Python, designing secure APIs, and thriving in...
-
Senior Electrical Engineer
3 weeks ago
London, Canada MT Talent Full timeSenior Electrical Engineer (P. Eng required) Who Are We? We are a strategic recruitment agency specializing in connecting skilled professionals with top employers across Canada and the United States. Our holistic approach ensures that both technical and cultural alignment leads to long‑term success for all parties involved. Why Are We Looking for You? We...
-
Senior Electrical Engineer
3 weeks ago
London, Canada MT Talent Full timeSenior Electrical Engineer (P. Eng required) Who Are We? We are a strategic recruitment agency specializing in connecting skilled professionals with top employers across Canada and the United States. Our holistic approach ensures that both technical and cultural alignment leads to long‑term success for all parties involved. Why Are We Looking for You? We...
Senior Security Engineer
1 month ago
Join Team CARFAX as a Senior Security Engineer - Vulnerability Management
Isn’t it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We’re more than just a company: We help millions of consumers make more informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment.
We are seeking a highly skilled and motivated Senior Cyber Security Engineer – Vulnerability Management who plays a vital role in safeguarding the organization’s information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The Senior Cyber Security Engineer – Vulnerability Management collaborates with various IT and business teams to integrate security best practices into every aspect of the organization’s operations.
At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 2 days per week in our London, ON office subject to change with future business needs.
What you’ll be doing:
- Oversee the end-to-end vulnerability management lifecycle, including scanning, assessment, prioritization, remediation tracking, and reporting.
- Perform regular vulnerability scans across infrastructure, endpoints, and applications, ensuring accurate detection, proper asset coverage, and alignment with security and compliance requirements.
- Perform risk-based analysis and triage vulnerability findings based on business impact, asset criticality, threat intelligence, and exploitability. Guide stakeholders on remediation priorities.
- Collaborate with system owners to drive timely remediation. Develop actionable plans for patching or mitigating vulnerabilities.
- Ensure system hardening and configuration compliance using industry benchmarks such as CIS and DISA STIGs.
- Deploy, manage, and optimize vulnerability and compliance scanning tools. Automate scanning, reporting, and alerting to improve coverage and reduce manual effort.
- Incorporate threat intelligence and exploit data to contextualize vulnerabilities and adjust risk ratings accordingly.
- Develop clear, concise reports and dashboards that communicate vulnerability status, trends, KPIs, and risk posture to technical and non-technical stakeholders.
- Continuously evaluate and improve vulnerability management processes, scanning schedules, and remediation workflows to align with evolving threats and organizational needs.
- Ensure vulnerability management activities align with compliance requirements (e.g., PCI-DSS, SOC II, ISO 27001) and support audit and responses.
- Act as a liaison between security, infrastructure, application, and business teams. Serve as a subject matter expert on vulnerability-related issues.
- Provide guidance to junior team members and support knowledge sharing within the cybersecurity team.
What we’re looking for:
- Bachelor’s degree in computer science, Information Security, or a related field.
- Minimum of 5+ years of experience in cybersecurity, with at least 3–4 years focused on vulnerability management.
- Industry certifications such as CISSP, CEH, CompTIA Security+, or relevant vulnerability management credentials.
- Strong experience with vulnerability scanning tools (e.g., Qualys, Tenable Nessus, Rapid7 InsightVM).
- Solid understanding of vulnerability classification standards (e.g., CVSS, CWE, CAPEC) and security frameworks.
- Familiarity with patch management, system hardening, and configuration management tools and processes.
- Working knowledge of Linux, Windows, and macOS environments, including OS-level security controls.
- Understanding of networking protocols, firewalls, and network security best practices.
- Experience with compliance frameworks such as PCI-DSS, SOC II, or ISO 27001.
- Strong analytical and problem-solving skills, with the ability to assess complex environments and identify potential exposures.
- Excellent communication skills, with the ability to convey technical risk to both technical and non-technical stakeholders.
- Ability to manage multiple projects and tasks in a dynamic, fast-paced environment.
What’s in it for you:
- Competitive compensation, benefits and generous time-off policies
- 4-Day summer work weeks and a winter holiday break
- 401(k)/DCPP matching
- Annual bonus program
- Casual, dog-friendly, and innovative office spaces
- For a comprehensive list of benefits, please visit our website: https://jobs.jobvite.com/carfax/p/benefits
Don’t just take our word for it:
- 10X Virginia Business Best Places to Work
- 10X Washingtonian Great Places to Work
- 9X Washington Post Top Workplace
- St.Louis Post-Dispatch Best Places to Work
#J-18808-Ljbffr
