Hello. We're Haleon. A new world-leading consumer health company. Shaped by all who join us. Together, we're improving everyday health for billions of people. By growing and innovating our global portfolio of category-leading brands - including Sensodyne, Panadol, Advil, Voltaren, Theraflu, Otrivin, and Centrum - through a unique combination of deep human understanding and trusted science. What's more, we're achieving it in a company that we're in control of. In an environment that we're co-creating. And a culture that's uniquely ours. Care to join us. It isn't a question.

With category leading brands such as Sensodyne, Voltaren and Centrum, built on trusted science and human understanding, and combined with our passion, knowledge and expertise, we're uniquely placed to do this and to grow a strong, successful business.

This is an exciting time to join us and help shape the future. It's an opportunity to be part of something special.

About the role

The Senior Engineer Vulnerability Management will provide technical leadership by architecting, implementing, and governing Vulnerability Management technologies, tools, and processes. The candidate should be capable of managing vulnerability lifecycle (from detection to closure), keeping a risk-based approach throughout the lifecycle.

The Senior Engineer Vulnerability Management will have the security-by-design mindset and yet understand the importance of building relationships with the other IT teams to convince them to patch the vulnerabilities for reducing cyber risk to the Company. The Senior Engineer Vulnerability Management will also manage the Managed Vulnerability Management Service Provider to deliver Infrastructure Vulnerability Management Services.

Role Responsibilities

• Manage vulnerability management service provider to deliver infrastructure vulnerability management services.

• Identify, prioritize, report, and communicate security vulnerabilities to the IT teams responsible for remediation.

• Determining vulnerability applicability based on the actual impact on the organization and provide actionable remediation guidance to the IT Teams.

• Build and leverage relationships to influence IT Teams to patch their vulnerabilities and increase their vulnerability awareness and adoption.

• Select, architect, implement and run Vulnerability Management technologies.

• Integrate VM tools with ticketing system (e.g., Service-Now, JIRA etc.)

• Automate vulnerability management processes to create efficiencies.

• Integrate VM scanning into CI/CD pipeline and container scanning processes.

• Provide governance over the Vulnerability Management Processes including writing and implementing VM standards, tracking vulnerability to closure, implementing long term controls to avoid the same vulnerabilities.

• Consolidate all vulnerabilities identified by various security tools into an orchestration platform.

• Partner with internal security teams (Threat Intel, Forensics, Incident Response, GRC, etc.) regarding ways to detect or block exploitation.

• Gain knowledge of Vulnerability Management industry standards, best practices & processes and apply them in the HALEON environment.

• Support Haleon Agile Frameworks to deliver the work.

• Assist in executing overall Haleon information security strategy.

Why you?

Basic Qualifications:

• Bachelor's degree in Information Technology, Cyber Security, Computer Science, Information Security or related field of study.

• Minimum of 3 years of experience in information technology or Information Security and minimum of 2.5 years of experience in vulnerability management.

• Solid Hands-on experience with vulnerability management process and tools (e.g. Tenable.IO, Qualys, Rapid7 etc.). This includes subject matter expertise of scanning virtual machines, on-prem servers, workstations (Mac and Windows Laptops, VDIs etc.), Network Devices etc and capability to interact with internal customers including information technology stakeholders and business stakeholders to ensure their satisfactions with vulnerability management processes.

• Strong understanding of industry standards and guidelines regarding vulnerability management, including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Open Web Application Security Project (OWASP), and VM Maturity Models. Understanding of Threat and Risk driven Vulnerability Management.

• Capability to manage MSSP relationship and performance by providing leadership to ensure they are scanning all devices, reporting vulnerabilities, tracking remediations and publishing metrics on-time and with quality.

• Ability to lead during a zero-day or emergency vulnerabilities by orchestrating team and customer to address such events.

• Excellent communication (both verbal and written) to translate technical issues into a non-technical language to the customer.

• Ability to influence without authority and work in a matrix organizational.

Preferred Qualifications:

• CISSP

• Scripting and Programming experience (e.g., Python, Ruby, Powershell, PoweBI etc.)

Please save a copy of the job description, as this may be helpful to refer to once the advert closes.

Haleon offers a robust Total Reward package that consists of competitive pay and a comprehensive benefits program. This includes a generous 401(k) plan, tuition reimbursement and time off programs including 6 months paid parental leave. On day one, you are eligible for benefits, including our healthcare programs where the company pays for the majority of your medical coverage for you and your family. We also offer the opportunity to receive a discretionary bonus based on the achievement of key business performance and other incentive/recognition programs as part of the offering.

The salary range for this role in the United States is: $127,127 to $171,996 plus a 18% bonus.

The salary range for this role in the United Kingdom is: GBP 68,251 to GBP 102,376, plus a 18% bonus.

#Li-Hybrid

Care to join us. Find out what life at Haleon is really like

At Haleon we embrace our diverse workforce by creating an inclusive environment that celebrates our unique perspectives, generates curiosity to create unmatched understanding of each other, and promotes fair and equitable outcomes for everyone. We're striving to create a climate where we celebrate our diversity in all forms by treating each other with respect, listening to different viewpoints, supporting our communities, and creating a workplace where your authentic self belongs and thrives. We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

As you apply, we will ask you to share some personal information, which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.

Haleon is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, Haleon may be required to capture and report expenses Haleon incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure Haleon's compliance to all federal and state US Transparency requirements.