Vulnerability & Security Posture Management Engineer

**BAT is evolving at pace into a global multi-category business. Our purpose is to create A Better Tomorrow by Building a Smokeless World.

To achieve our ambition, we are looking for colleagues who are ready to join us on this journey Tomorrow can't wait, let's shape it together
BAT Digital Business Solution has an exciting opportunity for a Vulnerability & Security Posture Management Engineer in Subang Jaya
Your Key Responsibilities Will Include
Security Posture Management**

• Develop and implement continuous monitoring and enforcement of security configurations and policies across various platforms, leveraging tools like Microsoft E5 capabilities (e.g., Defender External Attack Surface Management, Defender for Identity, Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps)
• Drive the reduction of configuration drift and ensure compliance with BAT security and technical standards, and external regulations

Vulnerability Management

• Lead the execution and optimization of vulnerability scanning using Qualys and other tools
• Analyze, prioritize, and report on vulnerabilities based on risk, exploitability, and business impact
• Proactively monitor threat intelligence feeds and advisories (e.g., CVE, CISA, NCSC, vendor bulletins) to stay current on emerging vulnerabilities and exploits
• Collaborate with IT and BAT partners to ensure timely and effective remediation efforts are implemented and tracked

Attack Surface Management

• Continuously discover and inventory all internal and external assets, including cloud resources, to maintain a comprehensive view of the attack surface
• Monitor for changes in the attack surface and proactively assess new exposures

Reporting & Strategy

• Generate clear, actionable reports and dashboards for technical teams and leadership detailing vulnerability status, trends, and risk reduction over time
• Contribute to the strategic planning and selection of security tools and technologies

What are we looking for?

• Minimum 3+ years of experience in information security, with hands-on focus on vulnerability management, threat analysis, or security posture management.

• Deep hands-on experience with commercial and open-source security tools, including

• Qualys (or similar platforms like Tenable/Rapid7).

• Microsoft E5 Security Stack (e.g., Defender for Endpoint, Defender for Identity, Defender for Cloud Apps) and Microsoft Exposure Management.

• Cloud (e.g., Azure, AWS)

• Understanding of threat intelligence sources (e.g., CVE, CISA, vendor advisories) and how to apply them to remediation efforts.

• Strong ability to translate raw technical data into business-relevant risk and remediation priorities
• Excellent communication, collaboration, and project management skills to drive cross-functional security initiatives

What we offer you?

• We offer a market leading annual performance bonus (subject to eligibility)
• Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives
• Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
• You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills
• We prioritise continuous improvement within a transformative environment, preparing for ongoing changes

**WHY JOIN BAT?

We're one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.

Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.

We see the career breaks as opportunities not obstacles. Through The Global Returners program, we support professionals looking to restart their careers after an extended absence from the workforce (e.g. time out caring for family, parental leave, national service, sabbatical and/or starting an own venture).

Come bring your difference and see what is possible for you at BAT. Learn more about our culture and our award winning employee experience here.

If you require any reasonable adjustments or accommodations to help you perform at your best during the recruitment process, you are encouraged to notify us. We are fully committed to support you by making appropriate arrangements for you to demonstrate your full potential.**