Vulnerability Management Engineer

We are SIBS Romania. We operate in the area of financial services for banking and retail and we are passionate about simplifying daily life by innovating financial technology.

We believe that teamwork is a key element in achieving success, and we are proud to work with talented, persevering people who are not afraid to express their most creative ideas. We make a priority to ensure a workplace that drives, engages and retains them.

What makes SIBS a Great place to work?

Here are a few highlights:

• The team: you’ll work with team players that are smart & friendly and that really care about the work they do, and there are plenty of happy hours and team building events to connect outside work;
• The flexibility: SIBS creates an environment for people to integrate their work and life, by offering flexible working hours and the tools to work from home as needed;
• The growth and innovation: as part of a growing team, you’ll have lots of opportunities for career development and be exposed to the latest technologies due to our focus on innovation on the exciting and fast growing payments industry;
• The benefits: you’ll have access to a generous benefits package, like access to Bookster library, a top health insurance and competitive salaries with performance rewards.

Key Responsibilities:

• Conduct vulnerability assessments across internal and externally exposed systems and infrastructure using established enterprise vulnerability scanning platforms (Qualys, Tenable, Rapid7, etc.)
• Configure, tune, and maintain authenticated and non-authenticated vulnerability scans to ensure accurate coverage and reliable assessment results
• Technically validate findings, distinguish false positives from exploitable issues, and assess real-world impact before initiating remediation tracking
• Track vulnerabilities from detection to verified closure within established ticketing platforms, working closely with IT and development teams to facilitate remediation
• Facilitate periodic remediation review meetings and maintain structured follow-up to support timely resolution
• Assist in evaluating vulnerabilities’ severity using asset context and compensating controls
• Ensure adherence to PCI-DSS requirements and actively participate in audits, providing structured, audit-ready evidence and supporting documentation
• Monitor external attack surface, validate findings from external scans, and coordinate remediation of publicly reachable vulnerabilities
• Monitor vulnerability intelligence feeds and translate emerging threats into prioritized internal actions.

Qualifications Required:

• 3+ years of experience in a technical security support role
• Hands-on experience conducting network and host-based vulnerability assessments
• Practical understanding of CVSS scoring and risk-based prioritization concepts
• Ability to technically validate vulnerabilities and assess exploitability within real infrastructure environments
• Solid understanding of networking fundamentals and segmentation concepts
• Familiarity with Linux and Windows OS administration, and virtualized environments
• High agency with the ability to proactively follow through on remediation efforts until resolution

Preferred:

• Familiarity with compliance-driven environments (e.g., PCI-DSS)
• Familiarity with scripting for automation or reporting tasks
• Experience in environments with structured IT or security governance practices.