The Threat & Vulnerability Engineer is responsible for proactively identifying, assessing, prioritising,and reducing security risks arising from vulnerabilities across the organisation's technology estate.This role focuses on threat intelligence–driven vulnerability management, exposure analysis, andrisk-based remediation, working closely with infrastructure, application, and endpoint teams toreduce the organisation's attack surface.This is an engineering and risk-focused role, not a SOC or alert-monitoring position.Key ResponsibilitiesThreat Intelligence & Vulnerability Research• Collect, analyse, and contextualise threat intelligence related to:o Emerging vulnerabilitieso Exploit trends and adversary techniqueso Actively exploited CVEs relevant to the organisation• Translate external threat intelligence into actionable vulnerability prioritisation andmitigation guidance.• Maintain awareness of industry, vendor, and open-source vulnerability disclosures.Vulnerability Management & Assessment• Design, operate, and continuously improve the organisation's vulnerability managementprogramme.• Conduct regular vulnerability scanning and assessment across:o Endpoints and serverso Network deviceso Databaseso Applicationso Connected and unmanaged devices• Leverage tools such as CrowdStrike, Nessus, and Armis to identify exposure across theestate.• Validate vulnerability findings to reduce false positives and improve data qualityRisk-Based Prioritisation & Remediation• Assess vulnerabilities based on:o Exploitabilityo Threat actor activityo Asset criticalityo Business impact• Develop clear, risk-based remediation plans in partnership with engineering and platformteams.• Track remediation progress and measure risk reduction over time.• Provide compensating control recommendations where immediate remediation is notpossible.Asset Visibility & Attack Surface Management• Maintain accurate visibility of organisational assets, including hardware, software, andconnected devices.• Use asset intelligence (via tools such as Armis) to:o Identify unmanaged or unknown deviceso Ensure vulnerability coverage matches the real attack surface• Work to reduce exposure caused by legacy systems, unsupported software, ormisconfigurations.Security Engineering & Preventative Controls• Partner with endpoint, infrastructure, and platform teams to strengthen preventativesecurity controls that reduce vulnerability exposure.• Contribute to:o Secure configuration baselineso Hardening standardso Patching and update strategies• Support improvements in endpoint security posture, including MDM coverage andconfiguration where it directly reduces riskStakeholder Engagement & Reporting• Communicate vulnerability and threat risk clearly to technical and non-technicalstakeholders.• Produce regular vulnerability and risk reporting, including:o Exposure trendso Top risk areaso Remediation effectiveness• Advise security leadership on strategic vulnerability and exposure risks.Skills & ExperienceEssential• Strong experience in vulnerability management and risk-based prioritisation• Hands-on experience with vulnerability scanning and endpoint protection tools (e.g. Nessus,CrowdStrike)• Strong understanding of:o CVSS and exploitability metricso Modern attack techniques and kill chainso Asset and exposure management concepts• Ability to translate technical findings into business riskDesirable• Experience with attack surface management or connected-device security• Familiarity with threat intelligence feeds and vulnerability research sources• Background in systems security engineering or infrastructure securityBenefitsMedical insurance – Because your health and that of your family is our top priority. You're coveredHoliday flat in Valencia – Dreaming of sunny days in Spain? Our company flat is ready for your next getaway.Gifts for special occasions – We love celebrating you Expect thoughtful surprises on Easter, Women's Day, Father's Day, and more.Anniversary giftsTeam-building events – We value connection beyond work, offering engaging team experiences in great locations to inspire collaboration and fun.End of the year celebrations – We wrap up each year with a special celebration, filled with joy, laughter, and unforgettable moments.Day off on your birthday – Your special day is yours to enjoy, no work requiredCommunity and social initiatives – We bring people together through activities like Bring Kids to the Office Day, donation drives, tree planting, sporting events, decorating the Christmas tree with your colleagues, celebrating new office openings, Principal33's anniversary, Exchange Office, and moreAccess to Udemy Learning Platform – We know growth matters, so you now have unlimited access to thousands of courses on Udemy. Develop your skills, anytime, anywhereGerman Language Courses – We offer dedicated language courses to help you develop your German skills, supporting both personal and professional growth.SAP Courses – We're preparing to launch specialized SAP training sessions to support your professional development and boost your expertise in this valuable field.Personal & Professional Growth – We support your development through masterclasses with experienced trainers and are open to investing in courses and training that help you grow.