JOB DESCRIPTION
Senior Engineer - Cybersecurity (Vulnerability Management Assessment)
Description
Duties will include providing vulnerability assessment and remediation activities through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the systems and proposing countermeasures. Typical assignments will involve testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards; scanning and discovering rogue hosts, networks, and devices; and scanning and discovering vulnerable systems and applications.
Responsibilities
- Plans, develops and executes scans for vulnerabilities and compliance with configuration standards
- Manages enterprise vulnerability assessment and configuration assessment tools
- Works to identify and resolve false positive findings in assessment results
- Analyzes threat and vulnerability feeds and analyzes data for applicability to Sysco’s environment
- Works with applicable technical teams to ensure remediation of discovered vulnerabilities
- Coordinates change control for remediation activities
- Responsible for generating timely vulnerability assessment reports to management
- Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other operational teams
- Produces vulnerability, configuration, and coverage metrics to demonstrate assessment coverage and remediation effectiveness
- Recommends security controls and/or corrective actions for mitigating technical and business risk
- Assists in conducting security reviews of new and existing applications
- Maintains an awareness of existing and proposed security standards, industry best practices, legislation and regulations pertaining to information security and recommends appropriate changes
- Prevents/anticipates problems and focuses on continuous improvement of manual and automated processes
- Optimizes existing workflows to enhance existing capabilities
- Creates and updates documentation related to assessment processes
Qualifications
Candidates for this position should have at least 2 - 4 years of experience in the following:
- Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
- Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities on server and client side
- Vulnerability Assessment tools, e.g. Nessus, Nexpose, etc.
- Exploitation frameworks, e.g. Metasploit
- Social Engineering campaigns, e.g. email phishing, phone calls, SET
- Security devices, e.g. Firewalls, VPN, Proxies
- OS Security, e.g. Unix, Linux, Windows, Cisco, etc.
- Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
- Web application infrastructure, e.g. Application Servers, Web Servers, Databases
- Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
- Reporting information security vulnerabilities to businesses
- Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various systems
Knowledge / Skills / Abilities:
- Subject matter expert in a broad range of security concepts
- Broad IT knowledge and experience, including an understanding of network devices and their role in a secure environment
- Ability to work directly with team members and end-users in stressful situations
- Ability to work in a dynamic environment
- Ability to solve complex problems through research and technical detective work
- Ability to learn new technologies and processes quickly
- Ability to quickly adapt to changes in timelines and sequences
- Able to work off hours when required
- Excellent communication and interpersonal skills
- Collaboration skills
Benefits
- US dollar-linked compensation
- Performance-based annual bonus
- Performance rewards and recognition
- Agile Benefits - special allowances for Health, Wellness & Academic purposes
- Paid birthday leave
- Team engagement allowance
- Comprehensive Health & Life Insurance Cover - extendable to parents and in-laws
- Overseas travel opportunities and exposure to client environments
- Hybrid work arrangement
Sysco LABS is an Equal Opportunity Employer.
The Big Picture
Sysco LABS is the Global In-House Center of Sysco Corporation (NYSE: SYY), the world’s largest foodservice company. Sysco ranks 56th in the Fortune 500 list and is the global leader in the trillion-dollar foodservice industry.
Sysco employs over 75,000 associates, has 337 smart distribution facilities worldwide, and over 14,000 IoT-enabled trucks serving 730,000 customer locations. For fiscal year 2025 that ended June 29, 2025, the company generated sales of more than $81.4 billion.
Sysco LABS Sri Lanka delivers the technology that powers Sysco’s end-to-end operations. Everything we do at Sysco LABS supports Sysco’s Purpose of “Connecting the world to share food and care for one another”, and our work directly impacts millions of food consumers in a trillion-dollar, global industry.
For more information visit: www.syscolabs.lk