Talent.com
Vulnerability & Security Posture Management Engineer
Vulnerability & Security Posture Management EngineerThe British American Tobacco Group • SelangorMalaysia, Selangor, Malaysia
Vulnerability & Security Posture Management Engineer

Vulnerability & Security Posture Management Engineer

The British American Tobacco Group • SelangorMalaysia, Selangor, Malaysia
30+ days ago
Job description

Overview

BAT is evolving at pace into a global multi-category business. Our purpose is to create A Better Tomorrow™ by Building a Smokeless World. To achieve our ambition, we are looking for colleagues who are ready to join us on this journey! Tomorrow can’t wait, let’s shape it together! BAT Digital Business Solution has an exciting opportunity for a Vulnerability & Security Posture Management Engineer in Subang Jaya.

Responsibilities

  • Security Posture Management : Develop and implement continuous monitoring and enforcement of security configurations and policies across various platforms, leveraging tools like Microsoft E5 capabilities (e.g., Defender External Attack Surface Management, Defender for Identity, Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps). Drive the reduction of configuration drift and ensure compliance with BAT security and technical standards, and external regulations.
  • Vulnerability Management : Lead the execution and optimization of vulnerability scanning using Qualys and other tools. Analyze, prioritize, and report on vulnerabilities based on risk, exploitability, and business impact. Proactively monitor threat intelligence feeds and advisories (e.g., CVE, CISA, NCSC, vendor bulletins) to stay current on emerging vulnerabilities and exploits. Collaborate with IT and BAT partners to ensure timely and effective remediation efforts are implemented and tracked.
  • Attack Surface Management : Continuously discover and inventory all internal and external assets, including cloud resources, to maintain a comprehensive view of the attack surface. Monitor for changes in the attack surface and proactively assess new exposures.
  • Reporting & Strategy : Generate clear, actionable reports and dashboards for technical teams and leadership detailing vulnerability status, trends, and risk reduction over time. Contribute to the strategic planning and selection of security tools and technologies.

Qualifications

  • Experience : Minimum 3+ years of experience in information security, with hands-on focus on vulnerability management, threat analysis, or security posture management.
  • Technical skills : Deep hands-on experience with commercial and open-source security tools, including Qualys (or similar platforms like Tenable / Rapid7); Microsoft E5 Security Stack (e.g., Defender for Endpoint, Defender for Identity, Defender for Cloud Apps) and Microsoft Exposure Management; Cloud (e.g., Azure, AWS).
  • Understanding : Knowledge of threat intelligence sources (e.g., CVE, CISA, vendor advisories) and how to apply them to remediation efforts.
  • Communication : Strong ability to translate raw technical data into business-relevant risk and remediation priorities; excellent communication, collaboration, and project management skills to drive cross-functional security initiatives.

    • What we offer

  • Market-leading annual performance bonus (subject to eligibility).
  • Benefits vary by country and include health plans, work-life balance initiatives, transportation support, and a flexible holiday plan with additional incentives.
  • Opportunities for internal advancement with a focus on your development; access to online learning platforms and personalized growth programs to nurture leadership skills.
  • Continuous improvement within a transformative environment to prepare for ongoing changes.

    • Why join BAT?

    We’re one of the few companies named as a Global Top Employer by the Top Employers Institute. Collaboration, inclusion and partnership underpin everything we do. We enable every individual to thrive, regardless of background, and support career breaks through The Global Returners program. Learn more about our culture and employee experience here. If you require any reasonable adjustments during recruitment, please notify us. We are committed to supporting you.

    #J-18808-Ljbffr

    Create a job alert for this search

    Security Engineer • SelangorMalaysia, Selangor, Malaysia

    Similar jobs
    Cloud Security Engineer — Multi-Cloud Defender

    Cloud Security Engineer — Multi-Cloud Defender

    EPS Consultants • Kuala Lumpur, Kuala Lumpur, Malaysia
    A leading digital financial services provider in Kuala Lumpur is seeking a skilled Cloud Security Engineer to safeguard their cloud infrastructure across AWS, Azure, and Alibaba Cloud.The role invo...Show more
    Last updated: 1 day ago • Promoted
    Cloud Security Architect : Secure Cloud & DevSecOps

    Cloud Security Architect : Secure Cloud & DevSecOps

    Maybank • Kuala Lumpur, Kuala Lumpur, Malaysia
    A leading financial institution in Kuala Lumpur is seeking a Cloud Security Architect.In this role, you will serve as a subject matter expert for cloud security, ensuring secure integrations in mul...Show more
    Last updated: 2 days ago • Promoted
    Patching and Vulnerability Engineer

    Patching and Vulnerability Engineer

    Ekco • Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, MY
    Quick Apply
    Founded in 2016 Ekco is now one of the fastest growing cloud solution providers in Europe!.We specialise in enabling companies to progress along the path of cloud maturity, managing transformation ...Show more
    Last updated: 30+ days ago
    GCP Security Operations Engineer - Remote Contract

    GCP Security Operations Engineer - Remote Contract

    Alphaeus Pte Ltd • Kajang Municipal Council, Selangor, Malaysia
    A technology firm in Malaysia seeks a GCP Security Operations Engineer.This role involves monitoring and responding to security threats within Google Cloud environments. The ideal candidate has over...Show more
    Last updated: 2 days ago • Promoted
    Security Ops - Authentication Engineer

    Security Ops - Authentication Engineer

    Eli Lilly and • Petaling Jaya, Selangor, Malaysia
    At Lilly, we unite caring with discovery to make life better for people around the world.We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work...Show more
    Last updated: 2 days ago • Promoted
    Manager, Threat Detection & Engineering

    Manager, Threat Detection & Engineering

    Awantec • Cyberjaya, Selangor, Malaysia
    Lead deployment, optimization, and lifecycle management of SIEM, EDR, and XDR platforms, ensuring effective detection coverage and alignment with MITRE ATT&CK. Oversee threat monitoring activities, ...Show more
    Last updated: 2 days ago • Promoted
    Security Dev Engineer - Automation & Cloud Resilience

    Security Dev Engineer - Automation & Cloud Resilience

    PayNet (Payments Network Malaysia) • Kuala Lumpur, Kuala Lumpur, Malaysia
    A leading payments network provider in Malaysia is looking for a Security Development Engineer to enhance automation, security governance, and operational resilience. Responsibilities include develo...Show more
    Last updated: 4 days ago • Promoted
    Threat Detection & Engineering Lead

    Threat Detection & Engineering Lead

    Awantec • Cyberjaya, Selangor, Malaysia
    A cybersecurity solutions provider in Cyberjaya is seeking a skilled cybersecurity engineer to lead the deployment and optimization of SIEM and EDR platforms. Responsibilities include overseeing thr...Show more
    Last updated: 2 days ago • Promoted
    Team Lead - Security Engineering

    Team Lead - Security Engineering

    TG Malaysia • Kuala Lumpur, Kuala Lumpur, Malaysia
    Assistant Manager - Regional Recruitment at TG Malaysia | APAC Talent Acquisition Leader | Driving Cross-Border Hiring Strategies. Work within established practices and represent Security Engineerin...Show more
    Last updated: 4 days ago • Promoted
    IAM Security Ops Engineer - 24 / 7 Access & Incident Response

    IAM Security Ops Engineer - 24 / 7 Access & Incident Response

    Eli Lilly and • Petaling Jaya, Selangor, Malaysia
    A leading global healthcare company is seeking a Security Ops Engineer in Petaling Jaya, Malaysia, to oversee identity and access management systems. This crucial role involves incident management, ...Show more
    Last updated: 2 days ago • Promoted
    IAM Security Ops Engineer — 24 / 7 Identity Access

    IAM Security Ops Engineer — 24 / 7 Identity Access

    Eli Lilly and Company • Petaling Jaya, Selangor, Malaysia
    A global healthcare leader in Petaling Jaya is seeking a Security Ops Engineer.The role is vital for ensuring secure access to enterprise resources and supporting identity services.Ideal candidates...Show more
    Last updated: 7 hours ago • Promoted • New!
    Cloud Engineer

    Cloud Engineer

    Alphaeus Pte Ltd • Subang Jaya, Selangor, Malaysia
    A GCP Security Operations Engineer is responsible for detecting, monitoring, analyzing, investigating, and responding to security threats across workloads, endpoints, and infrastructure hosted on G...Show more
    Last updated: 1 day ago • Promoted
    Security Ops - Authentication Engineer

    Security Ops - Authentication Engineer

    Eli Lilly and Company • Petaling Jaya, Selangor, Malaysia
    At Lilly, we unite caring with discovery to make life better for people around the world.We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work...Show more
    Last updated: 30+ days ago • Promoted
    Security Development Engineer

    Security Development Engineer

    PayNet (Payments Network Malaysia) • Kuala Lumpur, Kuala Lumpur, Malaysia
    Security Development Engineer – PayNet (Payments Network Malaysia).Contributor to PayNet’s Security Engineering team, driving automation, security governance and operational resilience across the o...Show more
    Last updated: 4 days ago • Promoted
    Security Engineer​

    Security Engineer​

    MVC Resources • Petaling Jaya, 10, my
    Quick Apply
    IT Security and Network Company recently acquired by Macnica Inc – a US 5.Billion Dollar Revenue company.With offices in Singapore, Australia, Cambodia, India, Indonesia, .Malaysia, Myanmar, N...Show more
    Last updated: 3 days ago
    Cyber Threat Engineer - Security Ops & Incident Response

    Cyber Threat Engineer - Security Ops & Incident Response

    UOB • Kuala Lumpur, Kuala Lumpur, Malaysia
    A leading bank in Asia seeks a mid-senior level professional to manage and support Cyber security deployments, ensuring robust infrastructure and proposing process improvements.This full-time role ...Show more
    Last updated: 2 days ago • Promoted
    Senior Network Security Engineer - Firewall & IDS Expert

    Senior Network Security Engineer - Firewall & IDS Expert

    Hong Leong Bank • Petaling Jaya, Selangor, Malaysia
    A leading financial institution in Malaysia is seeking a Network Security Engineer to manage and operate security infrastructure including firewalls and intrusion prevention systems.The ideal candi...Show more
    Last updated: 4 days ago • Promoted
    Network Security DevOps Engineer - Automate & Protect IT

    Network Security DevOps Engineer - Automate & Protect IT

    Dexian Asia Pacific • Kuala Lumpur, Kuala Lumpur, Malaysia
    A leading technology firm in Kuala Lumpur is seeking a Network Security DevOps Engineer to design and manage network security strategies. The role requires at least three years of experience in netw...Show more
    Last updated: 4 days ago • Promoted