Skip to content

Senior Security Engineer – Vulnerability Management & Penetration Testing

TruvetaHyderabad, TG, India · Remote (India)May 27, 2026
Remote
Full-time
Pentesting
Senior · 5–9 yrs

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US. 

Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share ourcompany values.

Role Overview

We are looking for a SeniorSecurity Engineer to drive vulnerability management and penetration testing across applications and infrastructure.

This role is focused on hands-on identification, validation, and remediation of security issues, with an emphasis on building scalable processes and improving overall security posture.

Key Responsibilities

  • Own and operate the vulnerability management lifecycle, including: 
  • Continuous scanning (applications, infrastructure, dependencies) 
  • Risk-based prioritization 
  • Tracking and driving remediation 
  • Perform penetration testing on web applications, APIs, and cloud environments. 
  • Validate and triage vulnerabilities to eliminate false positives and ensure actionable findings. 
  • Partner with engineering teams to fix vulnerabilities and prevent recurrence
  • Implement and manage tools for: 
  • SAST, DAST, and dependency scanning 
  • Infrastructure and container scanning 
  • Develop repeatable testing methodologies and automation
  • Conduct adversarial testing and exploit validation to simulate real-world attack scenarios. 
  • Track metrics and report on risk posture and remediation progress
  • Contribute to improving secure development practices based on findings. 

Required Qualifications

  • 5–9+ years of experience in security engineering, vulnerability management, or penetration testing
  • Hands-on experience with: 
  • Web and API security testing 
  • Common vulnerabilities (OWASP Top 10, misconfigurations, auth flaws) 
  • Strong understanding of attack techniques and exploitation methods
  • Experience with security scanning tools and frameworks
  • Ability to analyze and validate vulnerabilities in real-world systems
  • Familiarity with cloud environments (Azure preferred)

Preferred Qualifications

  • Experience with automating security testing in CI/CD pipelines
  • Familiarity with container and Kubernetes security
  • Experience with bug bounty or red teaming
  • Relevant certifications (e.g., OSCP, CEH, GWAPT). 

What We’re Looking For

  • Strong hands-on tester and problem solver
  • Ability to go beyond tools and think like an attacker
  • Focus on impact-driven security, not just findings.

Job Details

Experience

Senior · 5–9 yrs

Tools & Tech

Azure
Go
Kubernetes

Preferred Certs

CEH
GWAPT
OSCP