FWD VTC

Overview of job

About the Role:

We are building a Patching Center of Excellence (COE) to standardize patch governance, improve risk reduction, and enhance operational resilience. This role will analyse vendor patches and vulnerabilities, validate patch packages, coordinate testing windows, run post-patching security scans, and provide actionable risk and compliance reporting. The role is ideal for a junior manager with strong technical skills and a passion for operational security.

Key Responsibilities

• Patch Intelligence & Analysis
  • Track vendor advisories (Microsoft, Red Hat, Apple, Adobe, Cisco, VMware, browser vendors).
  • Analyze CVEs, CVSS/EPSS scores, exploit maturity, KEV catalog entries, and asset exposure.
  • Recommend prioritization (e.g., weaponized, internet-facing, crown jewels, high business impact).
• Patch Validation & Testing
  • Review patch metadata, supersedence, prerequisites, and rollback strategy.
  • Coordinate patch validation in UAT/Pilot rings; verify functional and security outcomes.
  • Document test cases, exceptions, application compatibility notes, and sign-off criteria.
• Orchestration Support
  • Ensure maintenance window discipline, change records, and communications are tracked.
• Post-Patch Security Assurance
  • Run/validate post-patching scans (e.g., Qualys/Tenable/Rapid7; Defender for Endpoint).
  • Investigate residual vulnerabilities, misconfigurations, failed installs, and drifts.
• Continuous Improvement
  • Contribute to SOPs, standards, and ring & rollback methodologies.

• Attractive salary and benefits  
• Hybrid working mode
• Full salary in probation & 13th month salary
• Social insurance on full salary from probation
• Extensive leave up to 18 days per year
• Annual health check

• More than 3 years in Information Security/Endpoint Engineering/Vulnerability Management.
• Hands-on with one or more patching stacks: 
  • Windows: WSUS/SCCM/MECM, Intune, Defender for Endpoint.
  • Linux: Red Hat Satellite/YUM/DNF/APT; Ansible.
  • macOS: Jamf Pro, macOS update frameworks.
  • Endpoint/Server: Ivanti/Tanium; package validation & rollout.
• Vulnerability scanning tools: Qualys, Tenable, Rapid7, Nessus; interpretation of findings.
• Understanding of CVEs, CVSS, EPSS, KEV, exploit chains, and compensating controls.
• Familiarity with change management (ITIL), maintenance windows, rollback plans.
• Strong documentation, Excel/Power BI reporting, and stakeholder communication.

Education & Certifications

• Bachelor’s Degree, or related field (or equivalent experience).
• Preferred: Security+, Azure Security Engineer, RHCSA, ITIL Foundation, CISSP (associate)