Principal - Threat Vulnerability Management & Remediation

Date Posted: May 8, 2021

Location: Cary, NC, US, 27513

Company: MetLife

Role Value Proposition

As part of the Global Security Technology organization, the Principal - Threat Vulnerability Management and Remediation Engineer is responsible for executing the enterprise-wide strategy to develop and implement vulnerability management frameworks and methodologies across the MetLife enterprise environment. This hands-on position also requires strong collaboration skills to work with cross-functional teams to ensure the design of the governance, processes, and technology solutions comply with MetLife’s information risk and security policies and regulatory obligations. 


Key Responsibilities

  • The Principal - Threat Vulnerability Management and Remediation Engineer is responsible for designing and architecting the next-generation enterprise vulnerability management framework and security patching program. This individual will be accountable for refining and defining MetLife’s global vulnerability management framework and for implementing and leading remediation efforts across the MetLife-supported technology stack.

  • Identify, recommend, implement and support technical security solutions to enhance MetLife’s operating system security and vulnerability patching

  • Define the strategy and roadmap for implementing consistent vulnerability management and security patching solutions and processes across MetLife-supported operating systems and ensure identified vulnerabilities are resolved within defined SLAs

  • Enhance the current operating system security patch management program to embed vulnerability patching and establish a methodology to measure the maturity of the program against industry standards such as NIST 800-40

  • Engage with other Information Security teams, business units, and technology partners to implement solutions to measure security vulnerability and patch compliance for operating systems and approved third-party applications

  • Ability to work with teams around the globe and comfort in delivering clear and concise information at both technical and managerial levels


Essential Business Experience and Technical Skills:

Required Experience:

  • 7+ years of IT Security Engineering experience working in an enterprise threat and vulnerability or security architecture function
  • Experience with patching tools and technologies (Tanium, SCCM, RedHat Satellite)
  • Deep understanding of operating system, network and web application architectures and vulnerabilities
  • Experience scripting to automate patching is required (PowerShell, Python, bash, etc.)
  • Good understanding of the OWASP Top 10. Familiarity with vulnerabilities across the OS and application technology stack and their remediation
  • Working knowledge of various industry security standards and frameworks, e.g., NIST, ISO
  • Experience with vulnerability scanning and prioritization tools (Qualys, Nessus, Kenna)
  • Teamwork, collaboration and communication skills, both written and verbal

Preferred Experience:

  • Bachelor’s degree in Computer Science, Information Systems, relevant IT certifications – CISSP, GIAC, RHCE, RHCA, etc.
  • Working knowledge of operating system and application architectures, including common vulnerabilities and their remediations and patching solutions


Business Category

Global Infrastructure Technology Operations - Global Security Technology


At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.


MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.


We are one of the largest institutional investors in the U.S. with $651 billion of total assets under management as of September 30, 2020. We are ranked #48 on the Fortune 500 list for 2020. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.


MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.


We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife.  For further information about how to request a reasonable accommodation, please click on the Disability Accommodations link below.


MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.


MetLife maintains a drug-free workplace.


Requisition #: 116469


Nearest Major Market: Raleigh