Senior Security Engineer

THE ROLE

You will be the architect of risk reduction, transforming raw vulnerability data into a prioritized roadmap for a secure enterprise. Your mission is to move beyond "fixing everything" to strategically eliminating the specific vulnerabilities that pose the highest risk to our global infrastructure. By collaborating across Cloud, DevSecOps, and Product teams, you will ensure our security posture is proactive, measurable, and deeply integrated into our delivery lifecycle. This role is a high-impact opportunity to influence how we define "safe" across a modern, multi-cloud environment.

WHAT YOU’LL DO

• Drive Risk-Based Prioritization: Shift the organization from volume-based reporting to intelligence-driven action by correlating vulnerability data with exploitability, asset criticality, and attack surface exposure to ensure teams focus on what matters most.
• Operationalize Global Scanning: Lead the end-to-end operation and continuous improvement of enterprise scanning across AWS, Azure, GCP, and containerized environments to maintain 100% visibility of our digital footprint.
• Enable Cross-Functional Remediation: Partner directly with Infrastructure and Engineering owners to drive remediation efforts against established SLAs, identifying root causes like base-image drift or patching gaps to prevent recurring risks.
• Integrate Defense Context: Collaborate with Detection and Incident Response teams to map vulnerability classes to active threats, helping determine if known exposures contributed to incidents and identifying where new detections are required.
• Engineer Operational Excellence: Automate the lifecycle of a vulnerability—from discovery and Jira ticket creation to final reporting—providing leadership with "Fix Impact Reports" that clearly quantify how our security efforts reduce business risk.

WHAT YOU BRING

The Core Essentials

• 5+ years of experience in security operations, vulnerability management, or security engineering in an enterprise environment (or equivalent practical experience).
• Hands-on experience running vulnerability management programs and working with asset discovery and/or secrets detection tools (e.g., runZero, TruffleHog, GitLeaks, or similar).
• Experience configuring and operating a Zero Trust / secure web gateway platform (e.g., Zscaler ZIA/ZPA or similar) and securing at least one major cloud provider (AWS, GCP, or Azure).
• Proficiency in SIEM detection engineering (preferably Splunk) and scripting or programming in at least one of: Python, PowerShell, or Bash.
• Demonstrated ability to partner with engineering teams to prioritize and drive remediation, and to explain technical risk in clear, business-relevant language.
• We are primarily an in- office environment and therefore, you will be expected to work from the Prague office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.

Bonus Points (Preferred Skills)

• Experience with Zscaler ZIA/ZPA specifically, including SSL inspection design, certificate management, and policy tuning in a global environment.
• Experience integrating secrets scanning into CI/CD pipelines and automating remediation.
• Exposure to threat emulation / adversary simulation (e.g., Atomic Red Team) and deception technologies mapped to MITRE ATT&CK.
• Background in penetration testing, red team, or purple team activities that inform defensive control design.