Sr Engineer - Security Vulnerability Management

Information Technology Bangalore, Karnataka (Req. #6751)

Apply

Description

Xperi invents, develops and delivers technologies that create extraordinary experiences at home and on the go for millions of people around the world. Powering billions of consumer electronics, connected cars and digital content titles, we make entertainment more immersive, driving more intelligent and every interaction seamlessly personalized through our renowned consumer brands: DTS®, HD Radio™ and TiVo®. 
 
Xperi (NYSE: XPER) is a publicly traded technology company headquartered in San Jose, CA with over 2,000 employees across North America, Europe and Asia. Come join a thriving team where you can play an integral role in shaping the future of entertainment technology 
 
Job Summary: 
 
The Senior Engineer – Vulnerability Management plays a critical role in protecting the organization’s digital assets by proactively identifying, assessing, and mitigating security vulnerabilities across hybrid environments. This role requires a deep understanding of both traditional on-premises infrastructure and modern cloud-native architectures. The successful candidate will work cross-functionally with IT, DevOps, and application teams to ensure vulnerabilities are addressed in a timely and effective manner, while continuously improving the organization’s security posture. 
  
Key Responsibilities: 
  
Vulnerability Discovery & Assessment 
  • Perform scheduled and continuous vulnerability scans across diverse asset types including servers, endpoints, network devices, containers, and cloud workloads. 
  • Utilize and manage enterprise-grade scanning platforms (e.g., Tenable.sc, Qualys VMDR, Rapid7 InsightVM) to ensure comprehensive coverage. 
  • Correlate scan data with threat intelligence feeds to assess exploitability and prioritize based on CVSS scores, asset criticality, and business impact. 
  • Maintain and enrich asset inventories with metadata (e.g., business owner, environment, classification) to support contextual risk analysis. 
Remediation & Risk Mitigation 
  • Collaborate with infrastructure, application, and DevOps teams to coordinate timely remediation of identified vulnerabilities. 
  • Develop and maintain remediation workflows, SLAs, and escalation paths for critical findings. 
  • Provide technical guidance on patching, configuration changes, and compensating controls, including virtual patching and segmentation. 
  • Track remediation progress using dashboards and automated reporting tools; escalate overdue items to leadership. 
Cloud Security & Posture Management 
  • Integrate vulnerability management into cloud-native environments (AWS, Azure, GCP), including IaaS, PaaS, and containerized workloads. 
  • Use CSPM and CWPP tools (e.g., Wiz, Prisma Cloud, Orca Security) to detect misconfigurations, exposed secrets, and insecure APIs. 
  • Monitor cloud asset drift and ensure alignment with security baselines and compliance benchmarks (e.g., CIS, NIST, ISO). 
  • Collaborate with cloud engineering teams to embed security controls into Terraform, CloudFormation, and CI/CD pipelines. 
On-Prem Infrastructure Security 
  • Conduct vulnerability assessments on legacy systems, virtual machines, databases, and network appliances. 
  • Support patch management programs by validating patch applicability, testing, and deployment coordination. 
  • Implement secure configuration baselines using tools like Microsoft SCAP, Ansible, or Chef. 
  • Perform periodic manual assessments and penetration testing to validate scanner coverage and identify blind spots. 
Automation, Integration & Tooling 
  • Develop scripts and automation workflows (Python, PowerShell, Bash) to streamline scanning, data parsing, and remediation tracking. 
  • Integrate vulnerability data with SIEM (e.g., Splunk, Sentinel), CMDB (e.g., ServiceNow), and ticketing systems to enable end-to-end visibility. 
  • Build and maintain dashboards for real-time vulnerability metrics, risk scoring, and compliance tracking. 
  • Evaluate emerging tools and technologies to enhance detection, prioritization, and remediation capabilities. 
Reporting, Metrics & Governance 
  • Generate executive-level and technical reports detailing vulnerability trends, remediation status, and risk posture. 
  • Define and track KPIs such as Mean Time to Remediate (MTTR), vulnerability recurrence rate, and SLA adherence. 
  • Present findings to stakeholders, including risk committees, audit teams, and senior leadership. 
  • Support internal and external audits by providing evidence of vulnerability management controls and processes. 
Continuous Improvement & Threat Intelligence 
  • Stay current with emerging threats, zero-day vulnerabilities, and exploit techniques through threat intelligence platforms and security communities. 
  • Participate in threat modeling, red/blue team exercises, and tabletop scenarios to validate detection and response capabilities. 
  • Contribute to the development and refinement of vulnerability management policies, standards, and procedures. 
  • Mentor junior team members and promote a culture of security awareness across the organization. 
  
Required Qualifications: 
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field. 
  • 3–5 years of experience in vulnerability management, security operations, or infrastructure security. 
  • Proficiency with tools such as Tenable, Qualys, Rapid7, CrowdStrike, Wiz, Prisma Cloud, or similar. 
  • Strong understanding of cloud platforms (AWS, Azure, GCP) and associated security services. 
  • Experience with scripting languages (Python, PowerShell, Bash) for automation and data parsing. 
  • Familiarity with network protocols, operating systems (Windows, Linux), and container technologies (Docker, Kubernetes). 
  
Preferred Certifications: 
  • Security Certifications: CISSP, CISM, CEH, OSCP 
  • Cloud Certifications: AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer 
  • Other: GIAC (GCIH, GPEN, GSEC), CompTIA CySA+ 
  
Soft Skills & Attributes: 
  • Strong analytical and problem-solving skills. 
  • Excellent communication and interpersonal abilities. 
  • Ability to manage multiple priorities in a fast-paced environment. 
  • Detail-oriented with a commitment to continuous learning and improvement. 
 
 
Life @ Xperi: 
 
At Xperi, we value People, Customers, Performance and Innovation. We are dedicated to creating a workplace where all employees have a voice and sense of belonging, feel safe and valued, and are acknowledged for how their unique differences contribute to organizational culture and business outcomes. 
Our employees and their families are important to us, and our comprehensive pay, stock and benefits programs reflect that. Xperi supports personal well-being, builds financial security and enables employees to share in our collective success. 
Rewards include: 
  • Competitive compensation (salary, equity and bonuses) and comprehensive benefits designed to foster work-life balance, care for your health, protect your finances and help you save and invest for the future.
  • Generous paid time away from work, including flexible time off, holidays and sick time, health and wellness initiatives, and a charitable match program to help you give back to your community.
  • Great perks, which vary by location and can be site-specific: employee discounts, transportation reimbursements, subsidized cafes and fitness facilities.
  • A flexible, hybrid work environment combining the best of in-office collaboration and community-building along with the benefits of working from home.

Apply Apply Later
← Back to Current Openings

Share

Similar Jobs

{{ job.title }}