Vulnerability Management Engineer - Gen
Join Gen and empower Digital Freedom for nearly half a billion users worldwide!
About Gen: Powering Digital Freedom
Gen is a global leader dedicated to empowering Digital Freedom through an iconic portfolio of trusted consumer brands, including Norton, Avast, LifeLock, MoneyLion, and more. With a rich heritage rooted in financial empowerment and cyber safety, we deliver award-winning cybersecurity, online privacy, identity protection, and financial wellness solutions to approximately 500 million users across over 150 countries.
At Gen, we share a collective passion: to protect consumers and help them thrive in their digital and financial lives. We actively seek smart, fearless, and high-impact talent who embrace AI as a powerful teammate, leveraging it to accelerate innovation and deliver meaningful results. When you join our team, you’ll find the flexibility, tools, and support to excel in your career, from flexible working options and generous time off to competitive compensation, comprehensive benefits, and robust well-being programs.
Our culture is scrappy and relentlessly customer-driven. We foster an environment that encourages healthy debate, bold experimentation, and continuous learning. We value diverse experiences, identities, and ideas, understanding that our differences are a competitive advantage. You’ll collaborate with colleagues who back each other, respect each other, and are committed to making a real impact. If you’re ready to be part of a team that’s defining the future of digital safety, we invite you to join Gen.
The Opportunity: Vulnerability Management Engineer
Are you an independent, driven security professional who thrives at the dynamic intersection of security, DevOps, and delivery? Do you enjoy transforming complex requirements into practical, measurable, and delivered solutions? Then this role is for you!
Our team, responsible for bringing you industry-leading brands like Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner, is dedicated to providing unparalleled cybersecurity, privacy, and identity protection to our vast global user base. We offer a diverse and inclusive environment where every team member is valued, with flexible working options, generous time off, and competitive benefits. Join us to help consumers take control of their digital lives and power Digital Freedom worldwide.
In this critical role, you will:
Translate intricate legal and security framework requirements into clear, actionable vulnerability management and remediation programs that seamlessly operate across multiple Security and DevOps teams.
Architect, operationalize, and continually enhance our end-to-end vulnerability management lifecycle, encompassing identification, triage, prioritization, remediation, validation, and comprehensive reporting.
Drive the integration of secure development practices within regulatory frameworks, guiding crucial areas such as vulnerability handling, coordinated disclosure, Software Bill of Materials (SBOM) transparency, robust patch management, and vigilant post-deployment monitoring.
Proactively track, meticulously report on, and effectively escalate progress, potential risks, and inter-team dependencies. You will work closely with a Senior Project Manager and regularly report to senior leadership, ensuring alignment and transparency.
Who You Are:
You are a seasoned security professional with a passion for driving impactful change and a proven track record. You bring:
Proven Experience: Typically 3–5 years of practical exposure or hands-on experience in vulnerability management, security engineering, or security program delivery within dynamic cloud/software environments.
Autonomous Drive: Demonstrated ability to work independently, take initiative, and consistently drive outcomes across multiple, cross-functional teams.
Regulatory Mastery: A solid working understanding of regulatory security requirements and demonstrated experience with the implementation of common frameworks and regulations (e.g., ISO 27001, NIS2, SOC 2, GDPR, PCI DSS).
Exceptional Translation Skills: The ability to expertly transform complex policy and control language into developer-ready user stories, precise acceptance criteria, clear remediation tasks, and comprehensive runbooks.
Tooling Proficiency: Hands-on experience utilizing industry-standard work tracking tools (e.g., Jira, Azure DevOps) and a knack for crafting insightful status reports and dashboards for leadership.
Strong Communication: Adept at analyzing complex vulnerability trends, including ageing, patch latency, and systemic root causes, supported by concise writing ability, clear meeting facilitation, and demonstrated experience in achieving critical stakeholder alignment.
DevOps Acumen: A deep understanding of modern SDLC/DevOps practices, including CI/CD pipelines, Infrastructure as Code (IaC), and robust change management processes.
Cloud Expertise: Experience operating within major cloud environments (AWS/Azure/GCP), including a strong grasp of shared responsibility models and effective guardrail patterns.
Bonus: A wry sense of humor is always a plus!
Your Journey Ahead:
Our interview process is designed to be insightful and collaborative:
First Round: You'll have an engaging conversation with Andrej Valentovič, the Hiring Manager for this role, to delve deeper into your experience and the exciting aspects of the position.
Second Round: You'll participate in an online interview with Andrej's manager to further explore your fit within the team and discuss your aspirations.