Senior Security Engineer – Vulnerability Management & Penetration Testing

Hyderabad, India Senior Posted 2026-05-04

Don't apply into the void — reach the hiring manager

ResuMail finds the recruiters and hiring managers behind this Senior Security Engineer – Vulnerability Management & Penetration Testing role at Truveta, drafts a personalised outreach email, and schedules the send — so your application actually gets seen.

Reach the hiring manager ›

About this role

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.   Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our <a href="https://www.truveta.com/careers/">company values</a>. Role Overview  We are looking for a Senior Security Engineer to drive vulnerability management and penetration testing across applications and infrastructure.  This role is focused on hands-on identification, validation, and remediation of security issues, with an emphasis on building scalable processes and improving overall security posture.    Key Responsibilities  <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Own and operate the vulnerability management lifecycle, including:  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Continuous scanning (applications, infrastructure, dependencies)  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Risk-based prioritization  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="2">Tracking and driving remediation  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Perform penetration testing on web applications, APIs, and cloud environments.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Validate and triage vulnerabilities to eliminate false positives and ensure actionable findings.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Partner with engineering teams to fix vulnerabilities and prevent recurrence.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Implement and manage tools for:  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">SAST, DAST, and dependency scanning  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Infrastructure and container scanning  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Develop repeatable testing methodologies and automation.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="7" data-aria-level="1">Conduct adversarial testing and exploit validation to simulate real-world attack scenarios.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="8" data-aria-level="1">Track metrics and report on risk posture and remediation progress.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="9" data-aria-level="1">Contribute to improving secure development practices based on findings.  </li> </ul>   Required Qualifications  <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">5–9+ years of experience in security engineering, vulnerability management, or penetration testing.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Hands-on experience with:  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Web and API security testing  </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Common vulnerabilities (OWASP Top 10, misconfigurations, auth flaws)  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Strong understanding of attack techniques and exploitation methods.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Experience with security scanning tools and frameworks.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Ability to analyze and validate vulnerabilities in real-world systems.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Familiarity with cloud environments (Azure preferred).  </li> </ul>   Preferred Qualifications  <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Experience with automating security testing in CI/CD pipelines.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Familiarity with container and Kubernetes security.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Experience with bug bounty or red teaming.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Relevant certifications (e.g., OSCP, CEH, GWAPT).  </li> </ul>   What We’re Looking For  <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Strong hands-on tester and problem solver.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Ability to go beyond tools and think like an attacker.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Focus on impact-driven security, not just findings. </li> </ul>

How to get this job at Truveta

Don't rely on the portal. Cold applications for a role like Senior Security Engineer – Vulnerability Management & Penetration Testing land in a pile of hundreds. A direct, personalised message to the hiring manager or a referrer is the fastest way in.
Find the right person. ResuMail surfaces the actual recruiters and hiring managers at Truveta — not a generic careers inbox.
Send tailored outreach. ResuMail drafts an email personalised to your resume and this role, then paces and schedules sends so you stay out of spam.
Follow up. One polite nudge after 5–7 days roughly doubles reply rates — scheduled for you.

Reach Truveta's hiring managers today.

Free to start. No credit card. Built for Indian job seekers.

Start free with ResuMail ›