Senior Vulnerability Management Engineering Expert (m/f/d)

Huawei's Munich Research Center is responsible for advanced technology research, architectural development, design and strategic engineering of our products.

Huawei Vulnerability Management Center (PSIRT) was founded and accepted as a member of the Forum of Incident Response and Security Teams (FIRST) in 2010. It has established a vulnerability response process in compliance with ISO/IEC 29147 and ISO/IEC 30111. PSIRT is a dedicated team that receives, investigates, and discloses security vulnerabilities in Huawei products and solutions and is an important vulnerability disclosure window.

PSIRT is responsible for vulnerability management during the Group's deep dive into digital transformation and new business. It builds an end-to-end (E2E) vulnerability governance and capability system and an open vulnerability management ecosystem, implements vulnerability management requirements under the company's diverse business structure to meet stringent external requirements, and ensures that product security capabilities can be translated into competitiveness.

Join us as a

Senior Vulnerability Management Engineering Expert (m/f/d)

Your mission

• Make plans to apply vulnerability management engineering methods and technologies, including gaining deep insights into application trends, planning and deploying engineering methods and technologies, and incorporating advanced engineering and technology innovation into industry standards or industries to gain a competitive edge
  
• Take the lead in designing and maintaining the E2E development of corporate-level vulnerability lifecycle management capabilities, including but not limited to vulnerability awareness, verification, assessment, vulnerability impact mitigation, vulnerability fixing, and vulnerability disclosure, and continuously optimize the corporate-level capability baseline. Maintain the advancement of engineering, technology, and methods in the field of vulnerability management and security emergency response
  
• Based on vulnerability data, participate in the continuous improvement of vulnerability management engineering governance, operations, and analysis capabilities for product lines and business groups, in order to provide customers with engineering and technology solutions that are easy to deploy and simplify checks and assessments, so as to support efficient, quick, and automatic mitigation of vulnerability risks on live networks
  
• This position will focus in particular on the delivery of vulnerability management engineering capabilities that are fit to technology trends, ecosystem and regulations applicable in the European market

Your areas of expertise

• Master's or PhD degree in cyber security, information security, computer application, or other related majors is preferred, with outstanding technical contributions or professional achievements
  
• At least 5 years of experience in vulnerability management, security incident response, or related fields
  
• Have experience in delivering Vulnerability Management engineering capabilities to key European technology domains, such as Telecom, Automotive, Industrial Automation, and Power Grids, and compliant with regulations applicable to Vulnerability Management and Incident Response in Europe, such as NIS2, CRA and CSA, or national regulations
  
• Have experience in improving Vulnerability Management engineering capabilities based on evolving best practice, such as introducing security.txt, vulnerability prioritization techniques (e.g. EPSS, SSVC), machine-readable vulnerability disclosure (e.g. CVRF, CSAF), or AI-assisted Vulnerability Management capabilities
  
• Participate in vulnerability-related industry/standard organizations and have key seats or roles, such as OASIS CSAF working group, ISO/IEC (CEN/CENELEC), IETF, FIRST, CVSS SIG/PSIRT SIG/EPSS SIG, OpenCSIRT Foundation, OpenSSF, OWASP, and other industry alliances and communities
  
• Fluency in written and spoken Business English

By applying to this position, you agree with our Recruitment Privacy Statement. You can read in full our privacy policy here.

Your rewards of working here

• Our culture is characterized by innovative power and team spirit as well as the intensive exchange of knowledge and experience within our global network.
• We offer healthy meals ranging from traditional Chinese to western delicacies in our famous company canteen.
• To keep your development ongoing, you will find a broad range of training opportunities. Many online and face-to-face training programs incl. language courses in German and Mandarin.
• Our diverse and welcoming environment is shaped by different backgrounds and around 40 individual nationalities.
• Self-responsible work in a competent, motivated and constantly growing team.

Please send your application and CV (incl. cover letter and reference letters) in English.

Huawei is a leading global information and communications technology (ICT) solutions provider. Driven by a commitment to operations, ongoing innovation, and open collaboration, we have established a competitive ICT portfolio of end-to-end solutions in Telecom and enterprise networks, Devices and Cloud technology and services. Our ICT solutions, products and services are used in more than 170 countries and regions, serving over one-third of the world's population. With 197,000 employees, Huawei is committed to develop the future information society and build a Better Connected World.