Talent.com
This job offer is not available in your country.
Vulnerability & Security Posture Management Engineer

Vulnerability & Security Posture Management Engineer

The British American Tobacco GroupSelangorMalaysia, Selangor, Malaysia
4 days ago
Job description

Overview

BAT is evolving at pace into a global multi-category business. Our purpose is to create A Better Tomorrow™ by Building a Smokeless World. To achieve our ambition, we are looking for colleagues who are ready to join us on this journey! Tomorrow can’t wait, let’s shape it together! BAT Digital Business Solution has an exciting opportunity for a Vulnerability & Security Posture Management Engineer in Subang Jaya.

Responsibilities

  • Security Posture Management : Develop and implement continuous monitoring and enforcement of security configurations and policies across various platforms, leveraging tools like Microsoft E5 capabilities (e.g., Defender External Attack Surface Management, Defender for Identity, Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps). Drive the reduction of configuration drift and ensure compliance with BAT security and technical standards, and external regulations.
  • Vulnerability Management : Lead the execution and optimization of vulnerability scanning using Qualys and other tools. Analyze, prioritize, and report on vulnerabilities based on risk, exploitability, and business impact. Proactively monitor threat intelligence feeds and advisories (e.g., CVE, CISA, NCSC, vendor bulletins) to stay current on emerging vulnerabilities and exploits. Collaborate with IT and BAT partners to ensure timely and effective remediation efforts are implemented and tracked.
  • Attack Surface Management : Continuously discover and inventory all internal and external assets, including cloud resources, to maintain a comprehensive view of the attack surface. Monitor for changes in the attack surface and proactively assess new exposures.
  • Reporting & Strategy : Generate clear, actionable reports and dashboards for technical teams and leadership detailing vulnerability status, trends, and risk reduction over time. Contribute to the strategic planning and selection of security tools and technologies.

Qualifications

  • Experience : Minimum 3+ years of experience in information security, with hands-on focus on vulnerability management, threat analysis, or security posture management.
  • Technical skills : Deep hands-on experience with commercial and open-source security tools, including Qualys (or similar platforms like Tenable / Rapid7); Microsoft E5 Security Stack (e.g., Defender for Endpoint, Defender for Identity, Defender for Cloud Apps) and Microsoft Exposure Management; Cloud (e.g., Azure, AWS).
  • Understanding : Knowledge of threat intelligence sources (e.g., CVE, CISA, vendor advisories) and how to apply them to remediation efforts.
  • Communication : Strong ability to translate raw technical data into business-relevant risk and remediation priorities; excellent communication, collaboration, and project management skills to drive cross-functional security initiatives.

    • What we offer

  • Market-leading annual performance bonus (subject to eligibility).
  • Benefits vary by country and include health plans, work-life balance initiatives, transportation support, and a flexible holiday plan with additional incentives.
  • Opportunities for internal advancement with a focus on your development; access to online learning platforms and personalized growth programs to nurture leadership skills.
  • Continuous improvement within a transformative environment to prepare for ongoing changes.

    • Why join BAT?

    We’re one of the few companies named as a Global Top Employer by the Top Employers Institute. Collaboration, inclusion and partnership underpin everything we do. We enable every individual to thrive, regardless of background, and support career breaks through The Global Returners program. Learn more about our culture and employee experience here. If you require any reasonable adjustments during recruitment, please notify us. We are committed to supporting you.

    #J-18808-Ljbffr

    Create a job alert for this search

    Security Engineer • SelangorMalaysia, Selangor, Malaysia