Principal Security Engineer, Vulnerability Management

Culver City | Req ID: JR22-11283

Tech/IT/InfoSec at Sony Pictures

Join us in a dynamic, fast-paced environment focused on delivering value by leveraging an agile framework. In support of our ever-evolving film and television businesses, our IT teams leverage the latest technologies and focus on cloud adoption.

Success Profile

Be a part of a diverse, inclusive and collaborative culture that focuses on professional development, high performance and growth by leveraging structured programs that include OKRs (stretch for amazing) and modern development planning tools (e.g. competency model). Check out the top traits we’re looking for and see if you have the right mix.

  • trusted partner
  • problem solver
  • strategic thinker
  • change agent
  • effective communicator

Job Details

REQ ID JR22-11283 Date posted 01/25/2023

Our Vulnerability Management Operations (VMO) team uses various security tooling to identify, classify and track remediation of vulnerabilities in our information systems.

You will interact with other teams (onshore and off) to enable prioritization, escalation and remediation of vulnerabilities, as needed. You will document standards and processes related to Vulnerability Management and keep them current. The position will report to the Executive Director of Vulnerability Management.

What You’ll Do:

  • Conduct vulnerability scans at the desktop, network, server, database, and application (DAST & SAST) levels on both internal and external systems within this organization's enterprise
  • Provide technical guidance to engineering teams regarding the impact of security issues
  • Drive remediation by working with various teams
  • Assist in generating asset inventory reports and identify discrepancies
  • Run both internal and external penetration tests, ensuring timeliness and accuracy of reports
  • Automate vulnerability scans
  • Develop technical and non-technical solutions to help mitigate security risks
  • Develop integrations between various tools and our VM management system
  • Improve existing security processes through automation and integration
  • Deliver security metrics and improvement
  • Document security guidance & processes as they relate to policy
  • Champion security in the organization

What you will have:

  • Bachelor’s degree in computer science or a technology-related field required
  • 5-7+ years of experience in Information Technology
  • 5-7+ years of experience in an Information Security role
  • Understanding of the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
  • Knowledge in Vulnerability Management and its related processes and procedures
  • General understanding of security fundamentals (cryptography, least privilege, segregation of duties…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, identity management, directory services, etc.
  • Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop operating systems
  • An understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
  • An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Familiarity with vulnerability management frameworks and concepts such as CVE and CVSS
  • Experience with common CI/CD and software deployment automation tools
  • Understanding of security management, governance, and risk
  • Experience working in an Agile (Scrum/Kanban) development environment
  • Broad technical knowledge, and ability to quickly assimilate new skills
  • Ability to positively influence others without direct authority towards a common purpose
  • Ability to adapt to shifting priorities, demands and timelines
  • Ability to work efficiently within a matrix management organization
  • Excellent interpersonal, communication, presentation, and collaborative skills to work effectively with executive leadership, IT, and Information Security teams throughout the organization

Nice To Have:

  • Strong experience in automation, coding and scripting languages.
  • Security related certifications preferred
    • CISSP – Certified Information System Security Professional
    • CEH – Certified Ethical Hacker
  • An understanding of PCI Compliance and EU GDPR Requirements
  • Experience with IaaS, PaaS, IaC and Cloud Services such as AWS, Azure, and GCP
  • Understanding and experience with container-based architectures

The anticipated base salary for this position is $135,000 to $175,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.

*Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.

*As part of our commitment to health and safety, all U.S. non-union and O.P.E.I.U. Local 174 applicants and employees must submit proof of vaccination against COVID-19 or request and obtain approval of a reasonable accommodation based on disability or a sincerely held religious belief, practice or observance. To request an accommodation for purposes of participating in the hiring process, you may contact us at

Join Us

Sony Pictures is the powerhouse behind some of the world’s most beloved films and television. Peek behind the curtain and watch this video to see what it’s like to work with us.
