Threat and Vulnerability Engineer

Job Locations
US-CA-San Francisco
Information Security


First Republic is an ultra-high-touch bank that provides extraordinary client service. We believe that one-on-one interactions build lasting relationships. We move quickly to serve our clients’ needs so that their financial transactions are handled with ease and efficiency. Client trust and security are paramount in our line of business. Ultimately, our goal is unsurpassed client satisfaction which will lead to personal referrals – our number one source of new business. We recognize that our competitive advantage starts with our people and our culture. At First Republic, we work hard and move quickly as a very coordinated team. If you are looking for an opportunity to grow and contribute in a fun, fast-paced environment, First Republic is the place for you. We have exceptional people focused on providing extraordinary service.

The Threat and Vulnerability Security Engineer provides security oversight to First Republic Bank’s computing environment. 


Oversight is achieved by monitoring and investigating potential security vulnerabilities and threats as reported by FRB’s security tools; performing security data analytics; identifying and addressing potential data loss channels; and staying apprised of potential security challenges through the gathering and processing of cyber intelligence.


The position will work closely with other Network Security Engineers and Information Services personnel to ensure appropriate controls are in place, and to ensure that security policies are being effectively employed. 


The position will work closely with other Network Security Engineers and Information Services personnel to ensure appropriate controls are in place, and to ensure that security policies are being effectively employed. 



  • Information Security Threat and Vulnerability Management
    • Responsible for configuring vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
    • Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities within SLAs.
    • Approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
    • Identify and resolve any false positive findings in assessment results.
  • Information Security Threat and Vulnerability
    • Reporting Produce metrics and reporting on the state of system security, threat, vulnerability and patch management.
    • Design and deliver actionable Information Security dashboards and scorecards.
    • Analyze data sources and recommend optimal data sources to provide relevant reporting.
    • Provide IT Governance metrics and reporting
  • Oversee Remediation Activities:
    • Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
    • Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
    • Validate remediation by reviewing application updates or deployed mitigations to verify resolution.



  • BS in Computer Science or equivalent
  • Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH).
  • Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
  • Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network based scanners).
  • Experience with vulnerability scanners, vulnerability management systems, patch management, and host based security systems. Host Based Security Systems, patch management.
  • Beneficial if experienced in Database Activity Monitoring Systems (DAM), and Web Application Firewalls (WAF).
  • Ability to provide quality deliverables on time and on budget.


 Job demands:

  • Must be able to review and analyze data reports and manuals; must be computer proficient.
  • Must be able to communicate effectively via telephone and in person.


Own your work and your career — apply now

Are you willing to go the extra mile because you love what you do and how you can contribute as a team? Do you want the freedom to grow and the opportunity to take charge of your own career? If so, then come join us.


We want hard working team players. You’ll have the independence to learn, lead and drive change. A culture of extraordinary service, empowerment and stability — that’s the First Republic way.


Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records, to the extent consistent with applicable federal and/or state law.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Need help finding the right job?

We can recommend jobs specifically for you! Click here to get started.