Senior Security Operations & Vulnerability Management Engineer

We work in hybrid mode 3+2, at least 3 days at the office (with mandatory Wednesdays and Thursdays) and 2 days at the home office.

The location of our office is Puszkarska 7J/Building E, 30-644 Kraków, Polska.

We employ only via an employment contract – FTE.

Role Overview

We are looking for a Senior Engineer who views Vulnerability Management as a risk-reduction craft, not a compliance checkbox. While you will be involved in high-level security operations, your primary focus is to evolve our Threat & Vulnerability Management (TVM) program from "running scans" to "driving impactful remediation of real risk."

This isn't a role for someone who just forwards PDF reports. We need a technical leader who can cut through the noise of thousands of alerts, translate CVSS scores into actual business risk, and work as a peer with our Engineering and IT teams to get things fixed. You’ll be the bridge between technical telemetry and executive-level risk decisions.

Key Responsibilities

• Risk-Based Vulnerability Management: Own the full lifecycle of vulnerability discovery and remediation. You’ll move beyond "Critical/High" labels to prioritize based on reachability, exploitability-in-the-wild (EPSS/KEV), and the specific context of our environment.
• Stakeholder Diplomacy: Act as the primary technical point of contact for Engineering and DevOps. You’ll be responsible for explaining the "why" behind a fix, helping teams navigate technical debt, and negotiating remediation timelines that balance security with product velocity.
• Threat Hunting & Intel: Use MITRE ATT&CK® to pivot from vulnerability data to proactive hunting. If a new Zero-Day drops, you’re the one identifying our exposure surface and drafting the "what this means for us" brief within hours.
• Detection & Automation: We don't want you doing the same manual task twice. You’ll build and tune detection logic and design SOAR playbooks to automate ticket routing, asset tagging, and evidence collection.
• Incident Leadership: Act as a Tier 3 escalation point and Incident Commander for major security events. You’ll lead the "deep dive" after an incident to ensure the root cause is addressed in the TVM roadmap.
• Strategic Reporting: Stop reporting on "number of vulnerabilities" and start reporting on "risk reduction over time." You’ll develop KPIs that actually matter to executive leadership, such as Mean Time to Remediation (MTTR) for exploited flaws and burn-down rates on mission-critical assets.

Qualifications

• 5–7+ years in SecOps and TVM: You’ve lived through the "log4j" style fire drills and know how to keep a cool head when things get messy.
• TVM Tooling Expertise: Deep, hands-on experience with enterprise-grade scanners (Qualys, Tenable, or Rapid7) and, more importantly, the ability to integrate them into CI/CD pipelines and cloud workflows.
• Cloud Security Expertise: You’re fluent in AWS/Azure/GCP security and understand why scanning a container image is different from scanning a VM.
• Data & Scripting: You can use Python, PowerShell, or SQL to pull data from an API, smash two datasets together, and find the one outlier that actually matters.
• Risk Translation: You can explain the difference between a theoretical vulnerability and a functional exploit to both a kernel engineer and a VP of Product.
• Framework Fluency: Strong command of NIST CSF and MITRE ATT&CK. You don't just know the frameworks; you know how to apply them to prioritize your week.
• The "Attacker Mindset": You understand exploit development and penetration testing methodologies. You know which vulnerabilities are "low hanging fruit" for an attacker, even if the scanner says they’re "Medium."

Certifications & Education

While we value experience over paper, professional certifications like CISSP, GCIH, or GEVA (GIAC Enterprise Vulnerability Assessor) are highly regarded.
Specialized cloud certs (CCSP, AWS Security) or a degree in Cybersecurity/CS are a plus, but your ability to solve complex problems is what we’re really looking for.

Why you’ll love this role

You won't be a cog in a machine. You’ll have the autonomy to rebuild our TVM processes and a seat at the table to influence how the entire organization approaches security risk.

Our benefits:

• 10 study days per year
• 2 volunteering days per year
• 30-day holidays after 5-year tenure, Sabbatical Leave
• 4 weeks of paternity leave
• Up to 8700 PLN personal education budget per year
• 300 PLN corrective glasses reimbursement every two years
• Medical care with Luxmed – individual, partner, or family package fully paid by the company
• The company fully pays for group life insurance
• Pension scheme (employee capital plans) with 1.5% employer contribution
• Unlimited access to LinkedIn Learning
• English/Polish classes
• MyBenefit platform with a monthly subsidy of 103 PLN (with various vouchers and Multisport cards available)
• 500 PLN per year of race fee reimbursement
• Solarian Referral Program
• SolarWinds Appreciation Program
• Employee Assistance Program
• Free lunches at the office on Wednesdays