International Rescue Committee

The Resettlement Support Center Asia (RSC Asia), funded by the US State Department Bureau of Population, Refugees, and Migration (PRM), assists persons throughout Asia seeking permanent resettlement in the United States. Responsible for a portfolio of 37 countries, RSC Asia: prepares refugee applications for the United States Refugee Admissions Program (USRAP) using START (a State Department–managed data system that supports the arrival and resettlement of refugees through technology); provides information to resettlement agencies about arriving refugees and offers cultural orientation training to refugees bound for the United States. RSC Asia is based in Bangkok, Thailand, with sub-offices in Mae Sot-Thailand, Kuala Lumpur-Malaysia and Cox’s Bazar-Bangladesh.

Job Overview/Summary:

The Vulnerability Management Engineer will oversee daily operations and ensure the security integrity of RSC Asia systems. The responsibilities include coordinating vulnerability scans, assessing risks, and guiding remediation efforts. This position will play a crucial role in maintaining adherence to NIST 800-53 rev4 security policies and procedures while mentoring and advising RSC Asia team members to ensure their professional growth and effectiveness.

Key Responsibilities:

Vulnerability Assessment:

• Evaluate and validate vulnerability reports, discerning their severity and impact.
• Provide expert guidance to development teams on effective remediation strategies.
• Stay informed about the latest cybersecurity threats and integrate threat intelligence into our processes.

Security Tool Management:

• Manage and configure vulnerability scanning tools for optimal performance.
• Fine-tune tool configurations to enhance accuracy and efficiency.

Documentation and Reporting:

• Develop and document procedures to streamline operations.
• Maintain regular communication with management and stakeholders, providing updates and key metrics.

Security Awareness Training:

• Conduct training sessions to promote security awareness.
• Share insights on emerging threats to foster a culture of security consciousness.

Scripting, Coding & Automation:

• Develop scripts and integrations to automate tasks and workflows.
• Write and maintain scripts for vulnerability scanning and remediation activities.

Compliance & Audit Support:

• Participate in audits and assessments to validate vulnerability management processes.
• Implement controls to address compliance requirements related to vulnerabilities.

Key Working Relationships:

Position Reports to: Technology Information Security Coordinator

Position directly supervises: N/A

Indirect reporting: N/A

Other Internal and/or external contacts:

Internal: All RSC Asia SMT, RSC Asia IT Support teams, IRC HQ/Regional IT System Network Engineering, Regional IT, and relevant global IT Teams

External:, PRM/RPC and Auditor Teams as required

Job Requirements

Education and Technical Skills:

• Bachelor’s Degree or equivalent experience in vulnerability management.
• 5-7 years of relevant experience.
• 3-5 years hands-on experience with Qualys.
• Familiarity with common vulnerabilities and remediation steps.
• Knowledge of vulnerability scoring systems like CVSSv3 and NIST.
• Strong analytical and problem-solving skills.
• Excellent communication skills for collaboration with cross-functional teams.

Preferred Qualifications:

• CISSP, CISM, or equivalent certification.
• Experience with vulnerability management across cloud platforms.
• Proficiency in scripting languages such as Python and SQL.
• Ability to work in a multicultural team and mentor junior staff.

Communication and Collaboration:

• Excellent verbal and written communication skills to interact with end users, colleagues, and management effectively.
• Ability to explain technical concepts to non-technical individuals.

Working Environment:

The position is based in Bangkok in an urban office environment. The position may require both domestic and international travel to support the delivery of NIST 800-53 remediation efforts within Thailand and throughout the RSC Asia region. A valid passport and the ability to acquire US and other visas, as necessary, is a requirement.

The employee is required to adhere to The IRC Way for professional conduct, as well as to be in compliance with all relevant NIST 800-53 and IRC policies and procedures while carrying out his/her duties.

Application deadline: 3 May 2024