Senior Site Reliability and Vulnerability Management Engineer

Dear All,

Greetings of the day…!!!

ACL Digital is actively hiring for experienced Senior SRE Engineer with OpenStack to join our dynamic team.

Job Requirement - Senior SRE Engineer with OpenStack

Preferred Qualification: 5-10 Years Experience

Location - Mahadevpura, Bengaluru (WFO)

Key Responsibilities

• Perform continuous vulnerability discovery and analysis across product components (containers, OS, libraries, IaC, applications).
• Execute vulnerability analysis across product components (containers, images, OS, libraries) using tools like Trivy, Grype and CisCAT;
  automate scans and integrate results into CI/CD and CSR workflows to provide clear remediation guidance to customers and internal teams.
• Run and tune automated scanners (Trivy, Grype, CisCAT and others), validate findings, reduce false positives and prioritize issues by risk.
• Triage and validate vulnerabilities: reproduce, assess exploitability and impact, map to affected components and versions.
• Develop and maintain automation and tooling (Python) for scanning orchestration, report generation, alerting and remediation workflows.
• Produce clear reports and dashboards for security metrics, SLAs, vulnerability trends and progress.
• Stay current with vulnerability ecosystem: CVEs, advisories, exploit code and tooling updates.
• Triage and resolve cloud-related Customer Service Requests (CSRs) involving security issues (vulnerability reports, misconfigurations, access incidents), coordinating with cloud platform teams and engineering to reproduce, prioritize, and drive timely remediation.

Required Qualifications

• 3+ years’ experience in product security, vulnerability management, application security or similar.
• Hands-on experience with vulnerability scanning tools (Trivy, Grype, CisCAT or equivalents), strong ability to validate findings, reduce false positives, and translate technical results into actionable remediation steps for customers and cloud teams.
• Strong Python development skills: writing scripts, integrations, automation, unit tests.
• Solid understanding of Linux, containerization (Docker), container registries and image formats.
• Knowledge of CVE lifecycle, NVD, CVSS, and vulnerability prioritization methodologies.
• Excellent written and verbal communication;
  able to explain technical risk to engineers and non-technical stakeholders.

Immediate joiners are preferred, apply here or connect me [email protected]

Warm Regards

Zahid Ansari