Vulnerability Management Engineer at Proton

Job Description:

Purpose of the role

We are looking for an experienced vulnerability management engineer. You will be responsible for the development, maintenance, and governance of Proton's vulnerability management program. We encourage diversity, and appreciate top engineering and social skills.

What you will do:

• Develop and maintain Proton's vulnerability management program framework and toolsets Stay up-to-date on new vulnerabilities which might affect Proton's technology stack
• Measure, evaluate, prioritise, and track vulnerabilities
• Demonstrate and educate stakeholders on the real-world impact of threats and vulnerability exploitation on our environment
• Assist the business on vulnerability remediation efforts
• Develop, document, and report business-level metrics for vulnerabilities and remediation progress
• Drive the end-to-end vulnerability lifecycle, from discovery to closure
• Integrate the vulnerability management process with existing tools, such as the ticketing system and SIEM
• Work as part of a team to deploy and maintain secure and reliable network architecture, and system security best practices

Job requirements:

• Minimum 2 years of vulnerability management experience
• Experience in creating and running authenticated and unauthenticated vulnerability scans
• Experience in reading and understanding vulnerability scans (identify errors, identify areas where tool is not scanning assets, identify false positives)
• Experience in tuning, improving, and devising efficient scanning workflows across Vulnerability Management application stacks
• Experience in managing vulnerabilities in Docker and Kubernetes environments Strong communication skills (must be fluent in English)
• Ability to work with cross-business and cross-functional teams in a geographically distributed environment. Ability to work independently, as well as part of the team
• Good knowledge of system/network security and security best practices (network ACLs, authentication mechanisms, OS hardening)
• Good knowledge of Linux-based operating systems and their security-related components
• Good knowledge of networking and endpoint protection technologies, as well as related threat detection technologies (WAF, EDR, IDS/IPS)
• Strong analytical and creative problem-solving skills
• Good coding skills (Python)

Bonus points for:

• Experience using popular vulnerability scanning products
• Experience in Threat Modelling

Why you should join Proton:

• Be part of a movement - Proton is not just a product or service but a community-driven movement united by a shared vision of online freedom. Our services are open source, audited, and supported by community contributions. We give back to our community by maintaining core encryption libraries and supporting organizations that advance the same goals as us. Proton is free, open source, neutral, independent, and community first, while remaining financially sustainable.
• Work with smart and dedicated people - Our team is diverse, collaborative, and tight-knit, with people coming from all walks of life. Many members of our team spent time at the world’s top academic institutions, including MIT, Harvard, Stanford, Princeton, Caltech, Cambridge, and ETH.
• Join a strong brand - Our encrypted email service – Proton Mail - has grown to be a staple of online security and privacy. Proton has been featured in multiple popular television and film productions, such as Mr. Robot, Knives Out, Sounds of Metal, and more.
• Grow with us - We’re one of Europe’s fastest-growing companies. Our growth gives you limitless career and educational opportunities as well as the opportunity to work side-by-side with many world-leading experts in their fields.
• Have your voice heard - We value your opinion and encourage you to speak up and share your ideas and thoughts. At Proton, no problem is someone else’s problem. We collectively strive to do the right thing and be the undisputed best in the world at everything we do.
• Benefits – these vary by location and type of contract but expect support on your vacation, parental leave, refreshment if working from the office, learning and development opportunities, equity for shared success, flexible working hours and remote work, company events, and team-building activities.

Company Benefits

• Competitive salary, performance bonus and equity for shared success
• Opportunity to join our stock option plan
• Company laptop
• Generous vacation days and parental leave
• Free lunches, snacks, drinks in the office
• Company events & team buildings
• Flexible working hours and remote work
• Budget for learning & development opportunities
• Proton goodies and swag
• Diverse and international workplace

Interview Process

• Questionnaire related to the position (max 30 min)
• Talent Acquisition Call (60 min)
• Meet the team (45)
• Technical interview with the team (60 min)
• Technical interview with the Infrastructure team (60 min)
• Meeting the Team Lead (30 min)