Devoteam Cyber Trust |Junior Vulnerability Manager | Fintech Sector

The Junior Vulnerability Manager will join the Security team and will be responsible for supporting the management of the vulnerability lifecycle with a particular focus on the operation and improvement of the scanning process.

Key Responsibilities:

1. Operation and Maintenance of Vulnerability Scans:

• Scan Execution: Perform vulnerability scans using Nessus including preparing network files to be scanned and validating scan status (often automated; occasional weekend work may be required).

• Troubleshooting: Diagnose and resolve issues when scans fail including:

  • Network diagnostics (connectivity port issues Layer 2/3 next-hop configuration routing VLANs/Trunks).

  • Diagnosing issues in Nessus and the Operating System.

  • Analyzing and improving Python scripts responsible for scanning processes.

2. Automation and Data Handling:

• Script Development (Python/Bash/SQL): Develop modify and maintain scripts to automate vulnerability management tasks.

• Code Migration: Participate in converting Python 2 scripts to Python 3.

• Database Management (SQL): Retrieve and correlate asset lists with scan database information create data insertion queries and process results.

• Data Processing: Use tools such as Regex Excel (Pivot Tables) and Bash to process correlate and prepare scan results for various purposes.

• Quarterly Preparation: Support automation for folder creation in Nessus and asset list processing.

3. Post-Scan and Vulnerability Management:

• Result Handling: Analyze scan results improving scripts to prevent known false positives.

• Vulnerability Closure: Use Burp (or develop alternative Python scripts) to automate batch closure of resolved vulnerabilities.

• Security Analysis: Assess vulnerabilities to determine if they are false positives (requires basic security knowledge).

• Validation: Perform basic security validations (entry-level pentesting skills) to confirm vulnerability resolution.

• Risk Management: Apply basic risk management knowledge to evaluate and propose vulnerability parking timeframes.

4. Infrastructure and Planning:

• Planning: Map networks and schedule scans considering average execution times and restrictions.

• System Configuration: Reinstall the operating system and configure Nessus on dedicated laptops (requires Unix knowledge).

• Asset Validation: Correlate new CMDB assets with the networks configured in planned scans (SQL Bash Python).

Qualifications :

• Security Knowledge (for example knowledge of pentesting)
• Programming skills (Python)
• Network Knowledge
• Unix (important to know network commands bash commands)
• SQL knowledge
• Brief knowledge of risk management
• Fluency in English and Portuguese.

Additional Information :

What we offer:

• Professional development and monitoring talent;
• Commitment to our employees development;
• Collaboration in a company that is constantly growing and evolving;
• Strong organizational culture: collaboration sharing flexibility integrity and low ego.

The Devoteam Group works for equal opportunities promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.

Remote Work :

No

Employment Type :

Full-time