Vulnerability Management Engineer
DOCKLANDS, VIC, AU, 3008
You’re only human.
It’s a strange thing to say, because us humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.
We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.
The Role
We’re looking for a Vulnerability Management Engineer to develop, configure and optimise technologies, capabilities, and systems required to effectively manage the detection and response of vulnerabilities across the organisation.
Reporting into the Security Engineering Manager, this role will demonstrate your subject matter expertise in the optimisation of technology across the vulnerability management lifecycle. You will play a critical role in securing systems that host sensitive health data, enhancing security through seamless and secure identification, response and management of vulnerabilities in line with regulatory obligations such as APRA CPS 234, ISO 27001, and the Australian Privacy Principles (APPs).
The Responsibilities:
- Optimise technologies to conduct regular vulnerability scans on systems, networks, and applications using tools such as Tenable, Nessus or Qualys to identify security weaknesses.
- Ensure compliance with regulatory requirements and industry best practices related to vulnerability management.
- Input to the selection, implementation, and maintenance of vulnerability management systems, tools, and technologies.
- Utilise a strong understanding of cybersecurity principles, vulnerability assessment tools (e.g., Nessus, Tenable, Qualys), and IT infrastructure to effectively assess and mitigate vulnerabilities.
- Collaborate with various stakeholders, such as IT teams, business units, and external partners, to understand their vulnerability management requirements and develop systems and processes to meet these requirements.
- Provide SME advice to ensure secure and efficient access to resources.
- Respond to security incidents related to vulnerabilities, coordinating with relevant teams to contain and mitigate threats promptly.
- Administer and configure vulnerability scanning tools, ensuring they are up-to-date and effectively integrated into the security infrastructure.
- Good understanding of configurations and deployments of assets across an enterprise technical estate, including but not limited to Windows, Linux, macOS, Unix, Databases, Active Directory, DNS Servers, Firewalls, Cloud resources.
- Build & maintain custom scripts, tools, and integrations using programming languages (Python, PowerShell, Bash) to streamline vulnerability management processes and enhance security operations.
- Automate the deployment and configuration of security tools and services using IaC principles (Terraform, Ansible, CloudFormation).
- Contribute to the selection, evaluation and optimisation of security tools and technologies to integrate into our DevSecOps toolchain.
- Previous experience of deploying applications on public cloud services like AWS and Azure.
- Maintain detailed documentation of vulnerabilities and remediation actions taken, and produce reports for management on vulnerability status and trends.
- Proactively identify areas for enhancing vulnerability management tools, suggest improvements, and implement best practices for ongoing optimisation.
About You
- Ideally 5+ years of experience in a similar or related role, demonstrating deep technical expertise in various Vulnerability Management technologies such as Tenable, Qualys, Nessus etc.
- Demonstrated experience in Vulnerability Management Engineering, covering the full lifecycle: scan results, identify trends, and develop strategies to address systemic issues within the organisation's IT environment.
- Strong stakeholder management skills, with the ability to communicate complex Vulnerability Management concepts effectively and present data-driven narratives.
- Extensive experience in operational IT security focused on vulnerability management.
- High analytical and mature problem-solving skills.
- Excellent communication skills, written and verbal.
- Understanding of relevant regulations and standards in the healthcare and insurance sectors (e.g., APRA CPS 234, Privacy Act) to ensure adherence to compliance requirements.
- Understanding of programming or technological concepts to maximise and enhance the configuration of vulnerability management technologies and develop bespoke or custom scripts for continuous improvement purposes.
Imagine working with us
We understand that work means different things to everyone... We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.
Imagine a workplace where work didn't feel like work. A workplace where you could shape when and where you work to have more impact. Where flexible working isn’t a buzzword, it’s a reality.
Imagine a workplace that helps you and your family thrive. Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/
For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could.
Inclusion and Accessibility
We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander candidates, those with disabilities, and LGBTQIA+ community including transgender and gender diverse applicants.
For any adjustments or alternative formats during the recruitment process, please contact us at careers@medibank.com.au. To learn about our commitments and employee experiences, go to https://careers.medibank.com.au/culture/diversity-inclusion/