Security Engineer (Vulnerability Management)

Relativity is a rapidly expanding tech company in the Legal Tech industry focused on security and DevSecOps. The role is part of the Vulnerability Management team working to secure company infrastructure and a dynamic web system built on containers and native cloud applications.

• Familiarity with common software vulnerabilities (e.g., OWASP Top 10) and their remediations.
• Bachelor’s degree in Computer Science, Cybersecurity, or related field OR equivalent experience.
• Experience with cloud platforms (e.g., Azure, AWS) and containerization technologies.
• Excellent verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders.
• Strong analytical and problem-solving skills with a proactive approach to security challenges.

Preferred qualifications:

• 1 year of experience on a security team.
• Knowledge of professional software engineering practices and SDLC including coding standards, code reviews, source control, build processes, testing, and operations.
• Experience with modern vulnerability scanning tools.
• Experience deploying Infrastructure as Code (IaC) such as Pulumi.
• Proficiency in at least one modern Object-Oriented Programming language, preferably .NET.
• Experience working in a SaaS environment operating on a global scale.
• Experience in the legal space.
• Experience working with container vulnerability scanning tools.
• Experience working with Azure.
• Experience working with FedRAMP.

• Support the Vulnerability Management program by contributing to scalable processes and enabling the adoption of security services.
• Assist in developing and maintaining automation and reusable tooling to improve efficiency across the program.
• Maintain and optimize vulnerability scanning tools by performing updates, resolving issues, monitoring performance, and coordinating with vendors.
• Implement and direct Vulnerability Management processes including Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification.
• Assist in improving configuration management practices by identifying misconfigurations, contributing to standards, and supporting efficiency, effectiveness, and compliance efforts.
• Actively respond to high-urgency vulnerability events by triaging findings, determining impact, coordinating with teams, and driving remediation.
• Contribute to team objectives aimed at reducing overall risk and identifying new exposure areas.
• Collaborate with internal teams to validate and remediate findings from vulnerability scans, third-party assessments, and the Bug Bounty Program.
• Perform threat modeling to assess vulnerability severity.
• Participate in sessions and events to enhance team skills and expertise.
• Enhance risk visibility by reporting on relevant metrics.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected basis, in accordance with applicable law.