Your new role
As a Security Analyst (f/m/d) with a focus on Vulnerability Management, you will be a central part of our IT security team. Your main responsibilities will include analyzing, validating, and tracking vulnerability findings identified by automated security scanners, external assessments, or penetration tests.
You will work daily with tools like Defect Dojo, support business units in the technical assessment and remediation of findings, and ensure continuous improvement of data quality and efficiency in vulnerability handling. You will also integrate relevant systems (e.g. CMDBs, ticketing platforms, or asset data sources) to gain contextual information for better prioritization.
In addition, you will configure your own vulnerability scans, automate processes through scripting, and contribute your technical expertise to actively enhance the security of our systems.
The work you'll do
- Operation and further development of our Vulnerability Management using tools like Defect Dojo
- Analysis, prioritization, and validation of findings from vulnerability scans, penetration tests, or external reports
- Supporting business units in the technical classification, traceability, and remediation of vulnerabilities
- Reducing false positives and improving data quality through technical contextualization
- Tracking and reporting of vulnerability remediation, including deadlines, actions, and associated risks
- Integration of external systems (e.g. CMDB, asset management, ticketing systems) to enrich and enhance the accuracy of findings
- Configuration and setup of security scanners (e.g. Nessus, OpenVAS) and integration into existing workflows
- Automation of processes using Python or Shell to increase efficiency
- Collaboration with Incident Response, Threat Intelligence, or other security teams when needed
The qualifications you need
- A degree in IT security, computer science, or a comparable qualification
- Experience in Vulnerability Management and working with tools such as Defect Dojo, TheHive, Cortex, and MISP for vulnerability, incident, or threat intelligence management
- Technical understanding of IT architectures, vulnerabilities, and their impact
- Familiarity with CVSS, CVE, OWASP Top 10, SANS Top 25
- Proficiency in scripting languages such as Python or Shell, e.g. for automating security processes, data analysis, or API integration
- Experience with vulnerability scanners like Nessus, OpenVAS, or similar tools, including setup, operation, and integration into existing workflows
- Ability to connect external systems such as CMDBs, ticketing systems, or asset data sources to improve the accuracy, prioritization, and traceability of findings
- Ability to communicate complex technical topics in a target group-oriented manner
- Independent and structured working style with strong team skills
- Certifications such as CompTIA Security+, CEH, or GIAC are a plus but not required
- Excellent German and English skills, both written and spoken
What we can offer you
- An unlimited fixed-term contract
- Flexible working hours and the option to work hybrid (2 days/week in the office)
- Cozy and large workplaces with modern equipment and cordial colleagues in Lisbon (Barata Salgueiro 37), super central
- Funding of educational trainings and Rosetta Stone language courses
- Additional vacation days (25 instead of 22)
- One of the best health insurance plans with great coverage (including family members free of charge, after probation period)
- Meal allowance card and pizza discounts
- Subsidy of Urban Sports Membership
- Public transportation subsidy
- Laptop of your choice (Apple, Windows, or Linux)
- Regular team and company events
- Fruit and beverages in the office