Senior Vulnerability Engineer, hibrido
Senior Vulnerability Engineer
Reporting to the Manager of this division, your main responsibilities will be:
Operate the vulnerability management platform and associated processes, including maintaining asset inventories, coordinating validations and retests, supporting detection tuning, delivering metrics and runbooks that empower engineering teams to remediate efficiently, and engaging with product and platform stakeholders to facilitate triage, clarify ownership and coordinate remediation activities
Design and engineer scalable, secure integration patterns and automation for the vulnerability management ecosystem, including APIs, service-account patterns, CI/CD pipelines, data schemas, observability and SLAs you will build reusable integration components, document interfaces and hand off stable integration artifacts for others to consume
Operate offensive and assessment capabilities, perform vulnerability scanning and testing workflows, and run the bug-bounty / vulnerability disclosure life-cycle (triage, closure and retests)Conduct and evaluate internal penetration tests and red team exercises to validate controls, test detection and response, and produce actionable remediation guidance
Conduct deep technical vulnerability investigations, run threat-modelling sessions, coordinate countermeasure testing to validate mitigations, and triage and prioritise findings with product and infrastructure teams
Ensure assets forward appropriate telemetry to central detection systems, help define detection rules, and convert intelligence and scan output into meaningful alerts and triage workflows
Act as a cross-team subject matter expert supporting other Security and engineering/product teams with remediation guidance, run-books and best practices.
Attractive salary packageReally power team in a top company
We are looking someone with at least 5-8 years of experience, with a solid foundation in vulnerability management, recent pentesting, automation (Python, Go, or others), and strong communication skills. Working in a small, highly horizontal senior InfoSec team in an international environment (English required) and a hybrid model (1-2 days in the office).The role is highly hands-on and autonomous, focused on managing end-to-end vulnerabilities (identification, analysis, prioritization, and monitoring), executing full internal penetration testing, and automating security processes (scripts, integrations, use of AI) in cloud environments (primarily AWS) and CI/CD (GitHub), collaborating closely with other teams to explain risks and coordinate remediation (incident management is handled by others).
Multinational Tech company
Hybrid and flexible work model
Chances to extend the partnership
Attractive salary conditions
Python, Go, AWS, GitHub, CI/CD, APIs,