Senior Product Security Engineer
CLEAR · New York, NY · 1 wk ago
On-siteInformation Technology$225k–$300k/yrFull-time
About the role
CLEAR is building THE secure identity company of the future. Our mission is to make experiences safer and easier—physically and digitally. With more than 38 million Members and a growing network of partners across the world, CLEAR's secure identity platform is transforming the way people live, work, and travel.
Responsibilities
- Monitor and triage findings from Wiz, Tenable, GHAS, and other scanners, ensuring issues are routed to the right owners with the right context and priority.
- Manage on our centralized VM platform that aggregates findings across Wiz, Tenable, GHAS, and other sources and ensure consistent normalization, deduplication, and ownership mapping (e.g., by AWS tags, teams, or services) so we have a single, trustworthy view of risk.
- Manage CLEAR’s risk scoring and SLA models (High/Critical, “Most Wanted” assets, ETC) within the VM platform and make sure we are tracking overdue findings, SLA adherence, backlog trends, and top risky assets/teams.
- Work directly with code, cloud, and endpoint teams to clarify findings, group related issues, and translate scanner output into concrete remediation plans that fit their roadmaps.
- Partner with engineering to get fixes shipped
- Participate in regular triage / review sessions, help prioritize backlog items, and follow through to ensure high‑risk issues are validated and closed in the source tools (not just Jira).
- Contribute to VM process and tool improvements with enhancements to connectors, data quality checks, scorecards, runbooks, and how‑to guides so vulnerability management processes are repeatable and easy to onboard to.
Qualifications
- 6+ years of experience in security engineering or product security ideally in a cloud-first or SaaS environment.
- Hands-on experience working with at least one modern vulnerability or exposure management stack (e.g., Wiz, Tenable, Rapid7, GHAS, or similar).
- Understanding of end-to-end VM workflows: scanning, triage, risk scoring, ticketing, validation, and reporting.
- Working knowledge of modern cloud and infrastructure patterns (AWS preferred), including how services, hosts, containers, and repos map to real teams and products.
- Strong written and verbal communication skills; can explain vulnerabilities, risk tradeoffs, and SLAs to both deeply technical engineers and non-technical stakeholders.
- Experience supporting regulated environments (e.g., FedRAMP, PCI, SOC2) and preparing vulnerability-related evidence for audits.
Benefits
- Comprehensive healthcare plans
- Fertility and adoption/surrogacy support
- Flexible time off
- Annual wellness stipend
- Free OneMedical memberships for you and your dependents
- A CLEAR Plus membership
- A 401(k) retirement plan with employer match
Pay
The total compensation range for this role is $225,000-$300,000, depending on levels of skills and experience.
Schedule
This role is currently remote, with the possibility of returning to the office in the future.