Principal Engineer, Attack Surface and Vulnerability Management (ASVM)

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

How you can make a difference  

HealthEquity is seeking a highly skilled and visionary Principal Engineer to join our Attack Surface and Vulnerability Management (ASVM) team. This role is instrumental in safeguarding our infrastructure by driving automation, managing our external attack surface, and applying AI to streamline security operations.

What you’ll be doing 

• Lead the design and implementation of automation solutions to streamline vulnerability and attack surface management.
• Aggregate and manage vulnerability data in ServiceNow, ensuring accuracy for reporting and decision-making.
• Identify, assess, and prioritize infrastructure vulnerabilities; guide remediation strategies.
• Monitor and manage HealthEquity’s external attack surface with high fidelity and responsiveness.
• Integrate AI technologies to enhance automation and reduce manual intervention.
• Collaborate with penetration testing and other security teams to ensure comprehensive coverage.
• Define and implement security controls across cloud and on-prem infrastructure.
• Support Purple Team exercises and contextualize vulnerabilities for business impact.
• Build business cases for security investments and support roadmap development.
• Lead vendor engagements for penetration testing and assessments.
• Mentor junior engineers and foster a culture of knowledge sharing.
• Stay current with emerging threats and partner with Cyber Threat Intelligence.

What you will need to be successful

• 8+ years in information security with a focus on infrastructure and vulnerability management.
• Bachelor’s degree in a relevant field or equivalent experience.
• Deep expertise in Tenable, Tanium, Defender for EASM, Shodan, Azure, Splunk, and Kali.
• Strong scripting and automation skills (Python, PowerShell, Selenium, API integration).
• Proficiency in ServiceNow, especially the Vulnerability Response module.
• Experience with tools such as Arnica, SonarQube, Aqua, Veracode.
• Familiarity with industry frameworks (NIST CSF, ISO 27001, OWASP, CISA KEV, CIS Top 20).
• Strong communication skills with experience presenting to technical and executive audiences.
• Business intelligence experience (Power BI, Tableau).
• Relevant certifications such as CISSP, CISM, OSCP, or CCSP.
• An automation-first mindset with a passion for applying AI to security challenges.
• Deep infrastructure domain expertise and strategic thinking.
• A collaborative spirit and ability to influence across teams and levels.

#LI-Remote

This is a remote position.

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:  

• Medical, dental, and vision 

• HSA contribution and match 

• Dependent care FSA match 

• Uncapped paid time off 

• Paid parental leave 

• 401(k) match 

• Personal and healthcare financial literacy programs 

• Ongoing education & tuition assistance 

• Gym and fitness reimbursement 

• Wellness program incentives 

Why work with HealthEquity 

HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position. Click here to learn more. 

You belong at HealthEquity!

HealthEquity, Inc. is an equal opportunity employer, and we are committed to being an employer where no matter your background or identity – you feel welcome and included. We ensure equal opportunity for all applicants and employees without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

HealthEquity uses Microsoft Copilot to transcribe screening interviews between candidates and their direct Talent Partner for note taking and interview summaries. By scheduling a screening interview with us, you consent to Microsoft Copilot’s AI technology recording and transcribing your interview with your Talent Partner. This information will be reviewed for accuracy and then used by HealthEquity to summarize the interview, ensure accuracy, and facilitate our hiring process. We take privacy seriously. You have the option to opt out. If you wish to opt out of this Microsoft Copilot transcription, please notify your Talent Partner in advance of the interview. If we do not receive an opt-out request from you, we will assume that you consent to the use of Microsoft Copilot.

HealthEquity is committed to your privacy as an applicant for employment.  For information on our privacy policies and practices, please visit HealthEquity Privacy.