Vulnerability Management Engineer

At Bumble the security of our customers is a top priority. As a vulnerability management engineer, you should be mission-focused in protecting our users' data, our company’s infrastructure and our global operations by ensuring systems are hardened, patched and well defended.

You’ll be the primary subject matter expert on the company’s ability to detect vulnerabilities across its vast IT and production environments. The primary responsibilities of this role include identifying, analysing, and prioritising vulnerabilities within the organisation. The ability to effectively aggregate, normalise, deduplicate and interpret data from multiple sources using Python or PowerShell is essential for this role.

You will work as part of a multidisciplinary team to defend our environment and should be focused on secure-by-design vulnerability management patterns. You should be tenacious with your curiosity both technically and organizationally about asset security risks, and work cross-functionally to resolve anything we don’t know. You will have the opportunity to produce advanced techniques to correlate vulnerability and asset intelligence, event information and coordination systems like Slack to increase our defensive security posture.

This role is based in London and will report into our Chief Information Security And Trust Officer

What You'll Do

• Perform periodic and on-demand system audits and vulnerability assessments of systems, internal applications and Cloud services to identify security vulnerabilities
• Document, prioritize and formally report on asset and vulnerability state as remediation activities progress
• Analyse cyber threat intelligence and make recommendations to mitigate threats and or improve security posture
• Partner with Infrastructure partners in Infrastructure Ops, Workplace Technology, Networks, and others to track and report on vulnerability remediation activities.
• Maintain and create metrics reporting for governance purposes
• Be part of a multi-disciplinary 24/7 on-call rotaIdentify, prototype and deploy technical solutions to automate vulnerability correlation and enrichment
• Operate with a focus to enable teams to meet or exceed patching SLAs; continuously seeking process improvements to achieve operational objectives
• Contribute to establishing, developing, and revising processes to build and strengthen the overall company operational security posture
• Contribute to threat management, and threat modelling, identify threat vectors and develop use cases for security vulnerability monitoring

Experience We Are Looking For

• In-depth security knowledge of Linux, but with familiarity of macOS and Windows
• Ability to perform data analysis with a variety of tools including scripting, databases, and spreadsheetsLog analysis and experience reviewing security events
• Hands-on experience with major vulnerability scanning platforms such as Tenable, Qualys, and other tools like Nuclei, OpenVAS, nmap
• Experience with graph databases, OLAP and other analytical database backends
• Knowledge of key components and the security models for OS, applications, databases and middleware to address security vulnerabilities
• Excellent communication and teamwork skills

About You

• Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty
• Motivation to solve problems, not to patch over quick fixes
• Being on-call shouldn’t be a burden to you or to team members.
• We want to be curious about our defences and filter noise to automate signal
• Ability to multi-task and handle high-pressure situations with key stakeholders
• Excellent analytical, problem solving and interpersonal skills
• Readiness to expand technical skill set, both through self-study and formal training
• \Willingness to learn to perform vulnerability prioritisation through the use of data science tooling and techniques