Staff Security Engineer - Vulnerability Management at Nscaleoperationsukltd

About Nscale Nscale is the GPU cloud engineered for AI. We provide cost-effective, high-performance infrastructure for AI start-ups and large enterprise customers. Nscale enables AI-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility. We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you’ll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you’ll be contributing to building the technology that powers the future. About the Role We’re hiring a Senior Staff Engineer - Vulnerability Management to build Nscale’s engineering-led exposure management program across endpoints, infrastructure, cloud, container platforms, SaaS, external attack surface, and production systems. This role sits at the intersection of enterprise security, infrastructure engineering, platform teams, IT, security operations, and customer trust. You’ll connect vulnerability data to clear ownership, practical remediation paths, deployment readiness gates, and evidence that material risk is being reduced. This is a high-impact role for Nscale as we scale as a global AI hyperscaler. Vulnerability management here is not about running a scanner queue — it’s about creating a program that identifies what matters most, prioritizes what is exploitable, drives accountability across teams, and gives leadership clear visibility into risk reduction. What you'll be doing Program Strategy & Exposure Management • Own vulnerability management strategy across endpoints, servers, cloud, container platforms, SaaS, internet-facing assets, and production systems. • Build an exposure management program that connects findings to ownership, prioritization, remediation, and risk outcomes. • Define telemetry requirements that support detection, incident response, audit, compliance, customer assurance, and executive reporting. Asset Context & Risk Prioritization • Establish asset ownership and exposure context, including business criticality, internet exposure, privileged access paths, data sensitivity, exploitability, compensating controls, and remediation owner. • Develop risk-based prioritization models using severity, exploitability, asset value, threat intelligence, exposure path, and operational impact. • Identify the most material exposures based on exploitability, business impact, internet exposure, privilege path, and remediation feasibility. Remediation Workflows & Validation • Drive remediation workflows with infrastructure, platform, IT, endpoint, application, and service-owner teams. • Create patch and configuration remediation proof loops that show finding, owner, fix path, validation, evidence, and closure. • Implement deployment readiness gates and post-remediation validation to ensure fixes are complete and durable. Governance, Reporting & Early Delivery • Establish exception governance with defined owner, risk, compensating controls, expiry, evidence, and review cadence. • Build a current-state exposure map covering critical assets, telemetry sources, owners, remediation paths, exception records, and gaps. • Partner with Security Data to define exposure-driven detections and source-health reporting. • Create leadership-ready dashboards showing coverage, critical exposure burn-down, overdue remediation, exception age, and owner accountability. • Define a triage model that separates urgent action, planned remediation, accepted exception, and false positive. KPIs • Critical exposure burn-down • Overdue remediation • Exception age • Owner coverage About You • 8+ years in vulnerability management, exposure management, infrastructure security, cloud security, security engineering, or related engineering roles • Deep hands-on experience turning vulnerability, asset, configuration, and exposure data into risk-based remediation programs • Strong understanding of operating systems, cloud platforms, container platforms, network exposure, application dependencies, endpoint posture, and production operations • Experience building remediation workflows with engineering, IT, infrastructure, application, and service-owner teams • Experience with exploitability analysis, threat intelligence enrichment, patch prioritization, exception governance, and remediation validation • Strong automation, data analysis, scripting, or workflow engineering skills • Ability to influence technical teams through clear risk reasoning, practical remediation paths, and measurable outcomes • Experience with cloud posture, container posture, external attack surface management, runtime security, or attack-path analysis is valued • Experience with AI infrastructure, GPU clusters, sovereign cloud, multi-tenant platforms, bare metal, HPC, or hyperscale environments is a plus • Experience producing customer-facing security evidence, control narratives, or audit artifacts is a plus What we can offer you At Nscale, you'll find a collaborative, supportive, and innovative environment where your contributions spark real impact. We're building something extraordinary, and we want you at the core. Highly competitive US compensation package (base + bonus + equity), with performance reviews every 12 months. 🚀 Join one of the fastest-growing AI infrastructure companies — your chance to directly shape how global AI capacity is planned and deployed. ✨ Expect a dynamic progression plan tailored to your ambitions. Grow by leading critical cross-functional initiatives and shaping capital strategy — always with our full support. Human-First Flexibility: We treat you as humans first. 🫶🏽 Our flexible workplace trusts Nscalers to deliver, giving you the autonomy to shape your day around life's moments. Equal Opportunities Statement We strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds. If there’s anything we can do to accommodate your specific situation, please let us know. The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role. For information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here. Salary Range The range below reflects the base salary for the position. Actual compensation may vary based on job-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation. The range below reflects the base salary for the position. Actual compensation may vary based on job-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation. Salary Range$180,000—$230,000 USDFor information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here.