Apply now »

Engineer, Vulnerability Management

Threat & Vulnerability Management Engineer


Position Summary:

The Threat & Vulnerability Management Engineer is responsible for the deployment, configuration, and management of vulnerability management tools and delivery of related services.

The role of Threat & Vulnerability Management Engineer is to detect security vulnerabilities in information systems and drive resolution in compliance with corporate security policy. You will work with system owners to evaluate vulnerability findings, identify false-positives, and prepare & deploy patches.

Essential Duties and Responsibilities:

  • Collaborate with key stakeholders including senior leadership to research, develop and implement an efficient architecture to discover vulnerabilities in both shoreside and maritime systems.
  • Manage the entire vulnerability lifecycle from discovery, triage, remediation, and validation.
  • Create and evolve a risk prioritization framework that accounts for multiple factors including vulnerability severity, system function, and network accessibility.
  • Help asset owners create effective solutions to safely patch infrastructure at scale, including assisting with automated deployment of common patches
  • Promote effective remediation while preserving stakeholder happiness.
  • Manage day-to-day workflow to ensure vulnerabilities are remediated within proper timelines.
  • Create process automation including scripting and API integrations

Qualifications, Knowledge, and Skills:

  • Bachelor’s Degree in information security or equivalent. Advanced degree preferred.
  • 4+ years of information technology experience, including 2+ years of specialization in vulnerability management.
  • Vulnerability Management experience, especially with vulnerability scanners (e.g. Rapid7, Tenable, etc.) and experience remediating issues with system owners
  • Application Security experience, especially SAST/DAST/SCA tools and experience remediating issues with code developers
  • Experience hardening system images according to industry baselines, such as CIS Benchmarks
  • Experience with cloud security posture management tools (e.g. Prisma, Orca Security, ZScaler CSPM, etc.) and remediating vulnerabilities and misconfigurations in cloud environments
  • Nexpose Certified Administrator certification strongly preferred
  • Vulnerability exploitation certifications including GEVA, GPEN, OSCP, or similar preferred
  • Scripting experience in Python, PowerShell, or similar tools preferred


This position is based in Manila, Philippines. Up to 30% travel including other countries may be required

Apply now »