Connecting clients to markets – and talent to opportunity.

With 5,400+ employees and over 80,000 institutional, commercial, and payments clients, we operate from more than 80 offices spread across six continents. As a Fortune 100, Nasdaq-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth.

Business Segment Overview: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.

Position Purpose:

The Senior Vulnerability Management Engineer is responsible for the technical ownership, reliability, and continuous improvement of the organization’s vulnerability and exposure management capabilities across infrastructure, applications, and cloud environments. This role focuses on ensuring accurate visibility, high-fidelity data, and well-integrated tooling to support risk-based decision making and effective remediation.

Technology Ecosystem:

• Front-End: Vulnerability dashboards and reporting platforms (Tenable, Qualys, Rapid7, Microsoft Defender Vulnerability Management, Armis VIPR)
• Back End: Vulnerability scanners, data pipelines, integrations, and ticketing platforms (ServiceNow, Jira)
• Exposure Management & Asset Intelligence: Armis Centrix, External Attack Surface Management tools, Continuous Threat Exposure Management (CTEM) tools
• Cloud: AWS, Azure, GCP

Primary duties will include: 

• Operate and maintain vulnerability and exposure management platforms, including execution, validation, and troubleshooting of scanning activities, ensuring accurate configuration, comprehensive coverage, and high-fidelity results across enterprise environments.
• Serve as a senior technical subject matter expert, resolving complex issues, improving platform performance, and enhancing vulnerability management capabilities.  
• Correlate vulnerability data with asset criticality, vulnerability intelligence, and exploitability indicators to support risk-based prioritization efforts.
• Engineer and maintain dashboards, reporting, and data pipelines to enable visibility into vulnerability posture, trends, and operational metrics.
• Develop, maintain, and enhance engineering processes and documentation for vulnerability and exposure management tooling, including scanning, exception handling, and compliance reporting.
• Lead proof of concepts (PoCs) to evaluate, implement, and optimize vulnerability and exposure management tooling and automation, integrating with asset management, CMDB, ticketing, and security platforms to enhance vulnerability detection, prioritization, and remediation workflows.
• Evaluate, build, and deploy AI/ML-assisted tooling for VM lifecycle management, capacity planning, and anomaly detection.

This list of duties and responsibilities is not intended to be all-inclusive and can be expanded to include other duties or responsibilities that management deems necessary.

To land this role you will need:

• 5–7+ years of overall technology experience, including at least 3–5 years in vulnerability management, exposure management, or information security engineering roles with hands-on responsibility for tooling and platforms.
• Strong hands-on experience operating, configuring, optimizing, and troubleshooting vulnerability management and exposure management tools (Tenable, Qualys, Rapid7, Microsoft Defender Vulnerability Management, Armis Centrix/VIPR, and exposure management platforms such as EASM and CTEM tools).
• Solid understanding of enterprise environments, including operating systems (Windows, Linux, MacOS), cloud platforms (AWS, Azure, GCP), networking, and identity systems.
• Working knowledge of vulnerability prioritization methodologies (CVSS, EPSS), vulnerability intelligence (CISA KEV), and their application to risk-based decision making.
• Strong analytical, technical problem-solving, and communication skills, with the ability to diagnose complex issues, improve system performance, and work independently while collaborating effectively with emotional intelligence.

What makes you stand out:

• Experience integrating vulnerability management tools with exposure management and vulnerability prioritization platforms, ticketing systems (ServiceNow, Jira), asset management, SIEM (Splunk, Sentinel), or SOAR.
• Experience building or enhancing automation and workflows using scripting languages (Python, PowerShell).
• Experience collaborating with threat intelligence or red team functions to assess exploitability.
• Familiarity with security frameworks and regulatory requirements (CIS, NIST CSF, PCI, ISO, SOX, FINRA, ITIL).

Education / Certification Requirements:

• Associates, Bachelor’s or Master’s degree in Information Security, Information Assurance, Information Systems, Computer Science, Engineering Sciences, STEM, or a related field (or equivalent hands-on experience).
• SANS related certifications (GSEC, GCIA, GCED, GCIH, GCCC, GMON, GPEN, GEVA, etc.).
• Additional relevant certifications may be considered.

Work environment:

• Office located in São Paulo
• Hybrid model (4 days/week in the office, 1 day/week remote)

Benefits:

• Medical and life insurance
• Public Transportation Voucher
• Meal and food allowances
• TotalPass or Gympass

#LI-Hybrid #LI-DK1