Search...

Security Controls Engineer

MoneyLion logo
MoneyLion

Stealth

Distributed
View jobs by MoneyLion

Skills

About the Role

You'll translate legal, regulatory, and security framework requirements into clear, actionable vulnerability management and remediation programs that span multiple Security and DevOps teams. You'll help design, operationalize, and continually improve the vulnerability management lifecycle, from identification and triage through prioritization, remediation, validation, and reporting. You'll work on secure development practices within regulatory frameworks covering vulnerability handling, coordinated disclosure, SBOM transparency, patch management, and post-deployment monitoring. You'll track, report, and escalate progress, risks, and dependencies, partnering closely with a Senior Project Manager and reporting to senior leadership.

Requirements

  • 3+ years of experience in vulnerability management, security engineering, or security program delivery in a cloud/software environment
  • Demonstrated ability to work independently and drive outcomes across multiple teams
  • Working understanding of regulatory security requirements and experience implementing common frameworks/regulations (e.g., ISO 27001, NIS2, SOC 2, GDPR, PCI DSS)
  • Strong translation skills to turn policy and control language into developer-ready user stories, acceptance criteria, remediation tasks, and runbooks
  • Hands-on experience using work tracking tools (Jira, Azure DevOps, etc.) and crafting status reports/dashboards for leadership
  • Strong communication skills including analyzing vulnerability trends, clear writing, meeting facilitation, and stakeholder alignment
  • Understanding of modern SDLC/DevOps practices (CI/CD, IaC, pipelines, change management)
  • Experience in cloud environments (AWS/Azure/GCP), including shared responsibility and guardrail patterns

Responsibilities

  • Translate legal, regulatory, and security framework obligations into prioritized, testable tasks for engineering and platform teams
  • Define concrete technical control requirements across vulnerability detection, remediation SLAs, secure configuration baselines, SBOM management, and coordinated disclosure processes
  • Drive end-to-end vulnerability management across infrastructure, cloud, applications, containers, and third-party components
  • Perform scanning, triage, risk-based prioritization, remediation tracking, validation, and closure
  • Partner with the Application Security team to integrate SAST, DAST, SCA, container, IaC, and cloud configuration scanning into CI/CD pipelines
  • Ensure findings are automatically ticketed, risk-ranked, and tracked to resolution with measurable SLAs
  • Coordinate work across multiple security domains and DevOps/Platform teams to drive consistent adoption
  • Build delivery plans, track milestones, manage dependencies, and maintain a single source of truth
  • Align with product owners, architects, and security SMEs; resolve blockers and facilitate decisions
  • Develop actionable dashboards showing vulnerability aging, SLA compliance, backlog trends, and risk exposure
  • Map vulnerability management practices to regulatory frameworks and collect/curate evidence for audits
  • Standardize templates, automate playbooks and evidence collection to advance process maturity
  • Work with a Senior Project Manager to align scope, timelines, compliance deadlines, and cross-team execution

Benefits

  • Flexible working options
Security Controls Engineer at MoneyLion | JobStash