Associate Vulnerability Management Engineer

We look for the risk-takers, the collaborators, the inspired and the inspirational. We want the people who are brave enough to work at the cutting edge and create solutions that will enrich and improve the lives of people across the globe. So, if you want to make the world say wow, let's talk.

Sony Electronics Singapore (SES) is seeking a highly motivated, self-driven Associate Vulnerability Management Engineer to join Sony’s Global Security Incident Response Team (GSIRT) Integrated Threat Defense (ITD) team. This position will be responsible for supporting an Enterprise Vulnerability Management Program to secure Sony’s information assets, services, and the products that depend on them. This position will be located in Singapore and will report to the Senior Manager, Vulnerability Management.

What you will be doing
- Perform open-source research and analysis to identify newly disclosed vulnerabilities and emerging exploit techniques.
- Maintain awareness of the latest vulnerabilities, CVEs, misconfigurations, and exploitation trends.
- Write and distribute security advisories on critical vulnerabilities, including mitigation guidance and potential impact analysis.
- Identify and improve the process for collecting, analyzing, and prioritizing vulnerability data.
- Conduct regular assessments of vulnerability management tools and workflows to ensure effectiveness and efficiency.
- Create and update documentation for vulnerability management processes, tooling, and remediation workflows.
- Provide training and support to team members on the use of vulnerability scanning and assessment tools.
- Prepare detailed vulnerability assessment reports, risk analyses, and briefings for GSIRT and relevant stakeholders.
- Support projects to improve vulnerability identification, risk scoring, and remediation tracking processes.
- Leverage threat intelligence to assess and prioritize vulnerabilities based on exploitability, active exploitation, and potential business impact.
- Collaborate with other Security and Incident Response Teams to support coordinated remediation and risk mitigation efforts.

What you should have
- Proven experience in vulnerability management, assessment, and remediation.
- Familiarity with scripting or basic programming (e.g., Python, PowerShell) to support vulnerability analysis and reporting tasks.
- Understanding of system and network security principles, vulnerability exploitation methods, and patch management practices.
- Basic understanding of vulnerability management frameworks and standards (e.g., CVSS, NVD, OWASP Top 10).
- Experience analyzing and correlating vulnerability data to inform risk-based remediation strategies and strengthen the organization’s security posture.
- Familiarity with vulnerability scanning and management tools (e.g., Qualys, Tenable, Rapid7).
- Strong work ethic and commitment to accomplish assigned tasks with a sense of urgency.
- Good communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear, business-relevant language.

Benefits you will have
- Flexible work arrangement (because we understand Life happens)
- Comprehensive medical benefits (including physical health screenings and term life insurance benefits)
- AWS and variable bonus
- Special staff purchase rates
- Flexible benefits (so you can claim for that staycay or gym membership you’ve been eyeing)
- Corporate social responsibility time off for 1 day each year to volunteer for a charity of your choice
- Milestone gifts (such as long service award and marriage gift because we want to celebrate both your professional and personal milestones)
- Wellness activities to promote healthy lifestyles
- Curated training programmes to encourage continuous professional development

At Sony, we strive to create a place for you to realise your potential and inspire you to make positive impact through innovation, smart collaboration and boundless curiosity. We are looking for people who believe that they can enrich lives and help us achieve our purpose - fill the world with emotion, through the power of creativity and technology.