
Vulnerability Engineer

Hagerty, Inc. offers specialized insurance for classic cars and is the world's largest automotive enthusiast membership organization, fostering car culture.

Hagerty

Employee count: 1001-5000

United States only

Say hello to Hagerty

Hagerty is a company built by drivers for drivers. We put our members at the center of everything we do, and are dedicated to making it easier and more enjoyable for enthusiasts to drive and celebrate the machines they love. We’re proud to be the world’s largest insurer of collectible and enthusiast vehicles and are home to the Hagerty Drivers Club, the world’s largest car club. Our Marketplace business presents live and digital sales across the U.S. and Europe, we host a number of driving events and concours, and our award-winning automotive journalists produce the most popular car magazine globally, alongside internationally awarded videos. We’re committed to Never Stop Driving. Ready to get in the driver’s seat? Join us!

As a Vulnerability Engineer I, you'll play a hands-on role in protecting the organization by identifying, assessing, and helping remediate security vulnerabilities across systems, applications, and networks. Day-to-day, you'll run and interpret vulnerability scans, support penetration testing efforts, classify findings by severity and business risk, and track remediation efforts in internal systems. You'll coordinate with engineering teams to deploy patches and software updates, triage submissions from bug bounty programs to ensure valid vulnerabilities are actioned, contribute to internal audits, prepare vulnerability reports for leadership, and help maintain continuous compliance with security policies.

Beyond the technical work, you'll be an active member of a collaborative team — participating in team ceremonies, asking questions, supporting on-call rotations, and continuously sharpening your skills across the vulnerability management lifecycle. This is a role for someone eager to grow, comfortable working cross-functionally, and motivated to make a real impact on the organization's security posture from day one.

What You’ll Do

Identify, assess, and manage vulnerabilities by:

  • Conducting regular scans using tools (e.g., Rapid7 IVM, Orca, Snyk, StackHawk) to identify weaknesses in systems, applications, and networks, and interpreting scan results to identify and validate vulnerabilities to be ingested into the vulnerability management process.
  • Analyzing vulnerabilities based on context, such as asset criticality, exposure, exploitability and overall risk impact to classify them by severity (e.g., critical, high, medium, low).
  • Documenting vulnerability findings and remediation efforts in tracking systems (e.g., Azure DevOps, ServiceNow).
  • Preparing and maintaining vulnerability management reports for leadership and other stakeholders.
  • Researching and providing recommendations for remediation or mitigation strategies.
  • Assisting with the patch management process by identifying missing patches or outdated software versions.
  • Coordinating with teams to deploy security patches, software/firmware updates, and code changes.
  • Assessing the risk of vulnerabilities in the context of business operations and assisting in the prioritization of remediation efforts.
  • Staying up to date with the latest cybersecurity threats, vulnerabilities, and patching trends.
  • Overseeing and coordinating penetration testing efforts to identify and address security vulnerabilities in systems, applications, and networks.
  • Validating and triaging submissions via bug bounty program or other team communication tools, ensuring valid vulnerabilities are ingested into the vulnerability management process.
  • Participating in internal audits, vulnerability assessments, and security best practice reviews.
  • Implementing and managing continuous control testing to ensure ongoing compliance with security policies and standards.

Own and Support the Team’s Tools, Processes, and Procedures by:

  • Developing a working understanding of your team’s products – its purpose and its capabilities.
  • Understanding how your assigned tasks relate to the goals your team is working to deliver.
  • Actively practicing troubleshooting and participating in the on-call support rotation for the team’s production services.
  • Comprehending and monitoring the programs’ key operational metrics and understanding how your work relates to them.

Improve Your Skills as an Engineer by:

  • Carefully researching and deliberately practicing the tools used throughout the vulnerability management lifecycle, including vulnerability scanning tools, patch management systems, and security information and event management (SIEM) tools.
  • Learning to recognize vulnerability complexity and methods for simplifying remediation efforts.
  • Learning and applying practices such as risk assessment and mitigation strategies with a special focus on the concepts of asset criticality and exploitability.
  • Introspecting on, and seeking feedback on, your current communication and behavioral patterns and actively and continually working to improve them.

Contribute to and Engage in a Collaborative Environment by:

  • Being an active participant in all team activities: team ceremonies, banter, troubleshooting, design discussions, work breakdowns, etc.
  • Asking for explanations on concepts, vulnerabilities, and discussions you don’t understand. This is one of the most powerful things a level one engineer can do.
  • Asking for help in a timely manner. Balance researching on your own to ask good questions against waiting too long and potentially hurting your team’s chances of completing their work on time.
  • Actively listening.

This Might Describe You:

  • Completed some professional training (e.g., college, bootcamps) in cybersecurity or a related field.
  • Comfortable working and engaging with a wide range of engineering teams across the organization.
  • Eager to deeply learn, both independently and with help, our technologies and patterns such as:
    • Vulnerability Scanning Tools: Rapid7 IVM, Orca, Snyk, StackHawk, etc.
    • Security Protocols: SAML, OAuth 2, OIDC, LDAP, Kerberos, HTTP/S
    • Threat Intelligence: Understanding and integrating threat intelligence feeds to identify emerging vulnerabilities.
    • Penetration Testing: Assisting in planning and executing penetration tests and analyzing results.
    • Security Controls: Validating and implementing security controls to mitigate identified vulnerabilities.
    • Secure Coding Practices: Promoting and implementing secure coding practices to address application vulnerabilities.
  • Able to clearly communicate your thoughts and actively listen to and integrate the thoughts and comments of others.

Other things to note

  • This position is open to U.S. remote work. However, team members who reside within 20 miles of the Traverse City headquarters will follow a hybrid schedule, working from the office three days per week.
  • May require travel for quarterly events.
  • Familiarity with public company requirements, including Sarbanes Oxley and key regulations, if applicable. For SOX compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations. Including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable.

If you reside in the following jurisdictions: Illinois, Colorado, California, District of Columbia, Hawaii, Maryland, Minnesota, Nevada, New York, or Jersey City, New Jersey, Cincinnati or Toledo, Ohio, Rhode Island, Washington, British Columbia, Canada, please email recruiting@hagerty.com for compensation, comprehensive benefits and the perks that set us apart.

At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age, or car preference. We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world.

EEO/AA

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

About the job

Job type: Full Time

Hiring timezones: United States +/- 0 hours

About Hagerty

Hagerty is a prominent automotive enthusiast brand that has evolved from a niche insurance agency focusing on collector cars to become the world's largest provider of specialty insurance for classic vehicles and a comprehensive membership organization for car lovers. Founded in 1984 in Traverse City, Michigan, Hagerty operates on the belief that driving is not just a means of transport, but an essential part of life that connects people and enhances personal experiences. With over 850,000 members, we offer a suite of unique products and services designed for automotive enthusiasts, ranging from insurance coverage for classic cars, motorcycles, and boats to various value-added services that cater to our members' needs.

Our offerings include the Hagerty Drivers Club, which provides members with excellent resources such as roadside assistance, access to exclusive events, and the Hagerty Valuation Tools® that help determine the market value of classic vehicles. We are dedicated to preserving car culture and ensuring that future generations appreciate the joys of driving. Through initiatives that celebrate automotive heritage, we engage with the community in numerous ways, including fostering events, media content, and exclusive experiences that resonate with automotive enthusiasts. At Hagerty, we encapsulate a passion for cars and a commitment to delivering exceptional service, grounded in a long-standing history of integrity.
