Vulnerability Management Engineer

A better internet is possible, one that empowers people to choose how their personal information is used. This might seem daunting, or even impossible, but at Proton, building this better internet is what we do every day.

Proton was founded in 2014 by a group of scientists who met at the European Organization for Nuclear Research (CERN). Our first product, Proton Mail, is now the world’s largest encrypted email service. Subsequent Proton products, such as Proton VPN, Proton Calendar, and Proton Drive, use end-to-end encryption that gives our users full control over how and with whom their data is shared.

Today, Proton is making privacy universally accessible to more than 70 million registered users, including journalists, some of the world’s largest organizations, and people in more than 180 countries. Our diverse and dynamic team is made up of more than 400 members representing over 30 different nationalities. While we are based in Geneva, Switzerland, we have offices in Zurich, Prague, London, Vilnius, Skopje, Taipei, and many more employees working remotely around the world.

New York Times journalists, some of the world’s largest corporations, and millions of ordinary citizens use our products so they can choose who, if anyone, sees their information. Join us at one of Europe’s fastest-growing companies to help us solve challenging problems and build new products that will reach hundreds of millions of people. We want to create more than just one of the world’s most impactful tech companies, we want to create a new internet that serves the interests of all people. We need you, your voice, your ideas, and your ambition to make it happen.

Purpose of the role

We are looking for an experienced vulnerability management engineer. You will be responsible for the development, maintenance, and governance of Proton's vulnerability management program. We encourage diversity, and appreciate top engineering and social skills.

What you will do

• Develop and maintain Proton's vulnerability management program framework and toolsets
• Stay up-to-date on new vulnerabilities which might affect Proton's technology stack
• Measure, evaluate, prioritise, and track vulnerabilities
• Demonstrate and educate stakeholders on the real-world impact of threats and vulnerability exploitation on our environment
• Assist the business on vulnerability remediation efforts
• Develop, document, and report business-level metrics for vulnerabilities and remediation progress
• Drive the end-to-end vulnerability lifecycle, from discovery to closure
• Integrate the vulnerability management process with existing tools, such as the ticketing system and SIEM
• Work as part of a team to deploy and maintain secure and reliable network architecture, and system security best practices

Requirements

• Minimum 2 years of vulnerability management experience
• Experience in creating and running authenticated and unauthenticated vulnerability scans
• Experience in reading and understanding vulnerability scans (identify errors, identify areas where tool is not scanning assets, identify false positives)
• Experience in tuning, improving, and devising efficient scanning workflows across Vulnerability Management application stacks
• Experience in managing vulnerabilities in Docker and Kubernetes environments
• Strong communication skills (must be fluent in English)
• Ability to work with cross-business and cross-functional teams in a geographically distributed environment. Ability to work independently, as well as part of the team
• Good knowledge of system/network security and security best practices (network ACLs, authentication mechanisms, OS hardening)
• Good knowledge of Linux-based operating systems and their security-related components
• Good knowledge of networking and endpoint protection technologies, as well as related threat detection technologies (WAF, EDR, IDS/IPS)
• Strong analytical and creative problem-solving skills
• Good coding skills (Python)

Bonus points for

• Experience using popular vulnerability scanning products
• Experience in Threat Modelling

Why you should join Proton

• Be part of a movement - Proton is not just a product or service but a community-driven movement united by a shared vision of online freedom. Our services are open source, audited, and supported by community contributions. We give back to our community by maintaining core encryption libraries and by supporting other organizations furthering the same goals as us.
• Work with smart and dedicated people - Our team is diverse, collaborative, and tight-knit with people coming from all walks of life, including many of the world’s top academic institutions and organizations, such as MIT, Harvard, Stanford, Caltech, Cambridge, and ETH.
• Join a strong brand - Our encrypted email service - ProtonMail - has grown to be a staple of online security and privacy. Proton has been featured in multiple popular television and film productions, such as Mr. Robot, Knives Out, Sounds of Metal, and more.
• Grow with us - We’re one of Europe’s fastest-growing startups, doubling in size every year. Our growth gives you limitless career and educational opportunities as well as the opportunity to work side-by-side with many world-leading experts in their fields.
• Have your voice heard - We value your opinion and encourage you to speak up and share your ideas and thoughts. At Proton, no problem is someone else’s problem. We collectively strive to do the right thing and be the undisputed best in the world at everything we do.
• Benefits – these vary by location and type of contract but expect support on your vacation, parental leave, refreshment if working from the office, learning and development opportunities, equity for shared success, flexible working hours and remote work, company events and team building activities.

Proton uses the Recruitee recruitment platform for a more effective hiring process and a better candidate experience. Your data will always be kept confidential and is not shared with any third parties. Keep in mind that you will receive emails from the email address [email protected] or other addresses on the protonmail.recruitee.com domain. Due to recent scams, please be careful with any suspicious emails pretending to be Proton team and forward them to [email protected]. Proton will never ask for payments from candidates.Proton does not accept unsolicited resumes from any sources other than directly from a candidate. Proton will not pay a fee for any placement resulting from the receipt of an unsolicited offer, even in a situation when the relevant candidate is employed by Proton.By applying to a role at Proton, you acknowledge that we will process and store your personal data for at least the duration of the hiring process and as necessary to enter a contractual relationship with you.