The Threat & Vulnerability Engineer is responsible for proactively identifying, assessing, prioritising,
and reducing security risks arising from vulnerabilities across the organisation's technology estate.
This role focuses on threat intelligence–driven vulnerability management, exposure analysis, and
risk-based remediation, working closely with infrastructure, application, and endpoint teams to
reduce the organisation's attack surface.
This is an engineering and risk-focused role, not a SOC or alert-monitoring position.
Key Responsibilities
1. Threat Intelligence & Vulnerability Research
• Collect, analyse, and contextualise threat intelligence related to:
o Emerging vulnerabilities
o Exploit trends and adversary techniques
o Actively exploited CVEs relevant to the organisation
• Translate external threat intelligence into actionable vulnerability prioritisation and
mitigation guidance.
• Maintain awareness of industry, vendor, and open-source vulnerability disclosures.
2. Vulnerability Management & Assessment
• Design, operate, and continuously improve the organisation's vulnerability management
programme.
• Conduct regular vulnerability scanning and assessment across:
o Endpoints and servers
o Network devices
o Databases
o Applications
o Connected and unmanaged devices
• Leverage tools such as CrowdStrike, Nessus, and Armis to identify exposure across the
estate.
• Validate vulnerability findings to reduce false positives and improve data quality.
3. Risk-Based Prioritisation & Remediation
• Assess vulnerabilities based on:
o Exploitability
o Threat actor activity
o Asset criticality
o Business impact
• Develop clear, risk-based remediation plans in partnership with engineering and platform
teams.
• Track remediation progress and measure risk reduction over time.
• Provide compensating control recommendations where immediate remediation is not
possible.
4. Asset Visibility & Attack Surface Management
• Maintain accurate visibility of organisational assets, including hardware, software, and
connected devices.
• Use asset intelligence (via tools such as Armis) to:
o Identify unmanaged or unknown devices
o Ensure vulnerability coverage matches the real attack surface
• Work to reduce exposure caused by legacy systems, unsupported software, or
misconfigurations.
5. Security Engineering & Preventative Controls
• Partner with endpoint, infrastructure, and platform teams to strengthen preventative
security controls that reduce vulnerability exposure.
• Contribute to:
o Secure configuration baselines
o Hardening standards
o Patching and update strategies
• Support improvements in endpoint security posture, including MDM coverage and
configuration where it directly reduces risk.
6. Stakeholder Engagement & Reporting
• Communicate vulnerability and threat risk clearly to technical and non-technical
stakeholders.
• Produce regular vulnerability and risk reporting, including:
o Exposure trends
o Top risk areas
o Remediation effectiveness
• Advise security leadership on strategic vulnerability and exposure risks.
Skills & Experience
Essential
• Strong experience in vulnerability management and risk-based prioritisation
• Hands-on experience with vulnerability scanning and endpoint protection tools (e.g. Nessus,
CrowdStrike)
• Strong understanding of:
o CVSS and exploitability metrics
o Modern attack techniques and kill chains
o Asset and exposure management concepts
• Ability to translate technical findings into business risk
Desirable
• Experience with attack surface management or connected-device security
• Familiarity with threat intelligence feeds and vulnerability research sources
• Background in systems security engineering or infrastructure security
Benefits
* Medical insurance
– Because your health and that of your family are our top priority. You're covered.
* Holiday flat in Valencia
– Dreaming of sunny days in Spain? Our company flat is ready for your next getaway.
* Gifts for special occasions
– We love celebrating you. Expect thoughtful surprises on Easter, Women's Day, Father's Day, and more.
* Anniversary gifts
* Team-building events
– We value connection beyond work, offering engaging team experiences in great locations to inspire collaboration and fun.
* End of the year celebrations
– We wrap up each year with a special celebration, filled with joy, laughter, and unforgettable moments.
* Day off on your birthday
– Your special day is yours to enjoy, no work required.
* Community and social initiatives
– We bring people together through activities like Bring Kids to the Office Day, donation drives, tree planting, sporting events, decorating the Christmas tree with your colleagues, celebrating new office openings, Principal33's anniversary, Exchange Office, and more.
* Access to Udemy Learning Platform
– We know growth matters, so you now have unlimited access to thousands of courses on Udemy. Develop your skills, anytime, anywhere.
* German Language Courses
– We offer dedicated language courses to help you develop your German skills, supporting both personal and professional growth.
* SAP Courses
– We're preparing to launch specialized SAP training sessions to support your professional development and boost your expertise in this valuable field.
* Personal & Professional Growth
– We support your development through masterclasses with experienced trainers and are open to investing in courses and training that help you grow.