Senior Security Engineer, Vulnerability & Exposure Management

About Bridgewater 

Bridgewater Associates is a premier asset management firm, focused on delivering unique insight and partnership for the most sophisticated global institutional investors. 

Our investment process is driven by a tireless pursuit to understand how the world’s markets and economies work — using cutting edge technology to validate and execute on timeless and universal investment principles. 

Founded in 1975, we are a community of independent thinkers who share a commitment for excellence. By fostering a culture of openness, transparency, and inclusion, we strive to unlock the most complex questions in investment strategy, management, and corporate culture. 

Explore more information about Bridgewater on our website here. 

Our Culture 

Bridgewater’s unique success is the direct result of our unique way of being. We want an idea meritocracy in which meaningful work and meaningful relationships are pursued through radical truth and radical transparency. We require people to be extremely open, air disagreements, test each other’s logic, and view discovering mistakes and weaknesses as a good thing that leads to improvement and innovation. It is by continually striving together for the highest levels of truth and excellence that we create meaningful work and meaningful relationships. Within this culture, Diversity and Inclusion is a top priority because it is essential to finding the best talent in the world, enabling our idea meritocracy, and creating an environment where all types of people can thrive. We have a full-time team as well as affinity networks that work on these issues - If you would like to learn more, please let your Bridgewater recruiter know.  

Explore more information about Bridgewater’s culture on our website here. 

About the Security Group 

The Security Department’s mission is to protect Bridgewater. We constantly evolve our cyber, physical, and staff security practices to meet business needs and stay ahead of the changing threat landscape.

About the Role

As a Senior Security Engineer focused on Vulnerability and Exposure Management, you will own and evolve how Bridgewater identifies, understands, and prioritizes security exposures across the firm. This is not a patch-management role. It is a senior individual contributor position with end-to-end accountability for turning raw vulnerability data into risk-informed decisions that actually matter to Bridgewater.

You will overhaul our vulnerability and exposure management program by applying an adversarial mindset and sound engineering judgment. Many vulnerabilities do not represent meaningful risk when viewed in context; asset criticality, compensating controls, exploitability, and attacker positioning matter. Your job is to separate signal from noise, explain why something matters (or doesn’t), and drive remediation that measurably reduces attack surface and enterprise risk.

Focus Areas

• Risk-Informed Vulnerability & Exposure Management: Own the full lifecycle of vulnerabilities and exposures, from detection to validation, enrichment, prioritization, and remediation, grounded in realistic attacker behavior and business impact.
• Adversarial & Offensive Thinking: Apply experience from incident response, penetration testing, or exploitation to assess what an attacker can actually do, not just what scanners report.
• Signal Quality & Noise Reduction: Eliminate baseline vulnerability noise by validating findings, collapsing duplicates, and enriching results with context that drives confident decision-making.

Engineering & Automation

Design and engineer scalable solutions that integrate vulnerability data, asset context, threat intelligence, and risk scoring into a coherent system.

Stakeholder Communication & Influence

Translate technical findings into clear, defensible narratives for engineers, product owners, and risk stakeholders, explaining both urgency and deprioritization with credibility.

Key Responsibilities

End-to-End Program Ownership

• Own Bridgewater’s vulnerability and exposure management program from detection through remediation and risk acceptance.
• Define what “matters” from a vulnerability perspective and continuously refine that bar.

Validation & Risk Assessment

• Validate vulnerabilities through technical analysis and, where appropriate, hands-on exploitation.
• Apply a consistent risk methodology that accounts for asset criticality, data sensitivity, exposure (internal vs. external), exploitability, attacker prerequisites, and compensating controls.

Prioritization & Decision Support

• Convert raw findings into prioritized, decision-relevant outputs aligned to enterprise risk.
• Clearly articulate why a vulnerability is critical, acceptable, or noise.

Stakeholder Partnership

• Work directly with application and service owners to drive remediation of high-impact issues.
• Build trust by providing clear logic, not mandates, and by respecting engineering realities.

Zero-Day & High-Risk Exposure Support

• Provide Detection & Response teams with context and prioritization guidance for zero-days and emerging threats.
• Support response efforts without owning real-time containment or incident handling.

What Success Looks Like

• Bridgewater has a clear understanding of its most meaningful security exposures.
• High-impact vulnerabilities and attack paths are identified early and prioritized.
• Stakeholders receive enriched, high-fidelity insights, not raw scanner output.
• Remediation efforts are efficient, targeted, and visibly reduce enterprise risk.
• Vulnerability management is trusted as a decision-making function, not a ticket factory.

Requirements & Experience

Experience & Background

• 10+ years of experience in security engineering, vulnerability management, incident response, or offensive security.
• Prior experience in incident response, penetration testing, red teaming, or exploitation is strongly preferred.
• Demonstrated ownership of complex security programs as a senior individual contributor.

Technical Expertise

• Deep understanding of vulnerability classes across infrastructure, cloud, and applications.
• Strong grasp of exploitability, attack paths, privilege escalation, and real-world attacker tradecraft.
• Experience validating vulnerabilities beyond scanner output.
• Familiarity with cloud platforms, modern enterprise environments, and defense-in-depth controls.
• Ability to engineer solutions that integrate data from multiple security and asset sources.

Communication & Influence

• Exceptional ability to explain technical risk to engineers and non-security stakeholders.
• Trusted partner mindset, credible, pragmatic, and outcome-focused.
• Comfortable being accountable for decisions and program outcomes.

This role is ideal for someone who has felt the pain of real incidents or exploitation, understands how attackers think, and wants to build a vulnerability and exposure management program that prioritizes reality over noise.

Physical Requirements

This role is offered with fully remote flexibility and can be performed from anywhere within the United States. This approach is role specific, and each team will have some slight variations that we will be able to describe in more detail throughout the recruiting process.

Compensation

The wage range for this role is $335,000 - $475,000 inclusive of base salary and discretionary target bonus. The expected base salary for this role is between 70% - 80% of this wage range.

Why Choose Bridgewater?

It takes all types to make Bridgewater great. We seek a diverse group of innovative thinkers and push them to engage in rigorous and thoughtful inquiry. We develop people through an honest examination of their abilities and performance, enabling personal growth and professional development. We strive to provideyou opportunities that will challenge you and unlock your potential.

One of our core priorities at Bridgewater is to enable our employees to build a great life and career, and we believe our benefits are an important extension of that philosophy. As such, currently Bridgewater offers a competitive suite of benefits.

Explore more information about Bridgewater’s benefits on our website here.

Bridgewater reserves the right to change its current benefits program at any time, in a manner that is consistent with applicable federal and state regulations.

This job description is not a contract and confers no contractual rights, privileges, or benefits on any applicant or potential applicant. Bridgewater has the right to change any and all terms of this job description, including, but not limited to, job responsibilities, qualifications and benefits. Nothing in this job description constitutes an offer or guarantee of employment. Please note that we do not provide immigration sponsorship for this position.

Bridgewater Associates, LP is an Equal Opportunity Employer