Zscaler · 2 days ago
Staff Information Security Engineer (Vulnerability Management)
Zscaler is a leader in cloud security, focused on enabling organizations to harness speed and agility with a cloud-first strategy. The Staff Information Security Engineer will operate in a U.S. Federal IL6 environment, responsible for vulnerability management tasks including network scanning, automation, and collaboration with service owners.
Cloud Security, Cyber Security, Enterprise Software, Security
Responsibilities
Designing and running authenticated/unauthenticated network and host scanning using IL6-approved tools in air-gapped environments (e.g., Tenable.sc / Nessus Manager or similar)
Building Python/Go/PowerShell automations for scan orchestration, asset onboarding, policy tuning, and diode-ready reporting formats
Driving collaboration with IL6 service owners to eliminate exploitable risks and manage patch/hardening campaigns
Producing weekly and monthly reporting aligned to IL6 program cadence and diode data transfer policies
Maintaining documentation, including runbooks, SOPs, exception governance, and change control processes within the SCIF
Qualification
Required
U.S. citizenship and active U.S. Top Secret (TS) clearance (must be maintained)
5+ years in Vulnerability Management, or Security Engineering within restricted/SCIF environments, including air-gapped scanning (Tenable.sc/Nessus Manager or equivalents) and offline plugin lifecycle
Experience with CSPM concepts and Web Application Scanning (WAS) methodologies, plus strong scripting skills in Python, Go, or PowerShell for automation in disconnected environments
Solid understanding of risk-based prioritization (CVSS, EPSS), remediation lifecycle, and SLA governance
Preferred
DoD 8570/8140 IAT Level II certification (e.g., Security+ CE, GSEC, SSCP, CySA+)
Understanding of cloud and container platforms adapted to classified environments (e.g., AWS C2S/SC2S constructs, ECS/Kubernetes, VM hardening), and external attack surface concepts within constrained perimeters
Exposure to FedRAMP High/Moderate operations, including monthly monitoring programs (scanning, evaluation, patching, reporting) and familiarity with Jira/ServiceNow for ticketing and exception management in isolated environments
Benefits
Various health plans
Time off plans for vacation and sick time
Parental leave options
Retirement options
Education reimbursement
In-office perks, and more!
Company
Zscaler
Zscaler is a global cloud-based information security company that enables secure digital transformation for mobile and cloud.
Funding
Current Stage: Public Company
Total Funding: $1.67B
Key Investors: TPG Growth, Lightspeed Venture Partners
2025-07-01 · Post IPO Debt · $1.5B
2024-04-23 · Post IPO Equity · $22.7M
2018-03-16 · IPO
Company data provided by crunchbase