Application Security Analyst – Vulnerability Management (Hybrid)
Share
Job Location:
Monthly Salary:
Posted on:
Yesterday
Vacancies:
1 Vacancy
Job Summary
APPLICATION SECURITY ANALYST VULNERABILITY MANAGEMENT(HYBRID PORTO)
Portuguese company hires for hybrid position
Location: PortoPortugal
Only candidates already basedin Portugal will be considered
Work Model: Hybrid
Language Requirements:English (Fluent) French (Basic)
Seniority: Senior (6 years)
Sector: Banking
Instructions: Please send yourCV in English and make sure to include all skills and experience that match therequirements of the opportunity. This will significantly increase your chancesof success
About the Role
We are looking for a Senior Application Security Analystwith strong expertise in Vulnerability Management to help protectbusiness-critical applications and reduce cyber risk across complexenvironments.
In this role you will be responsible for identifyingassessing prioritizing and driving the remediation of applicationvulnerabilities ensuring compliance with security standards and bestpractices. You will work closely with IT development penetration testingand regional security teams acting as a key point of reference forapplication security and vulnerability governance.
Key Responsibilities
- Perform regular vulnerability assessments on applications in production ensuring continuous compliance with security policies and standards
- Supervise and analyze scans using tools such as Qualys AppSpider Bitsight and similar platforms
- Monitor threat intelligence sources and CVE databases to stay ahead of emerging risks
- Assess and prioritize vulnerabilities based on severity exploitability and business impact
- Drive and track remediation activities ensuring adherence to defined KPIs KRIs and SLAs
- Coordinate with development IT AppSec Pentest and regional teams to ensure timely mitigation
- Maintain accurate and up-to-date data in ticketing and reporting tools (e.g. Jira ServiceNow)
- Produce dashboards KPIs and executive reports on vulnerability posture and remediation progress
- Ensure compliance with security frameworks and standards (ISO 27001 NIST OWASP)
- Participate in incident response and emergency situations when rapid action is required
- Contribute to the continuous improvement of vulnerability management processes and tooling
- Promote secure coding practices and security awareness across IT and development teams
- Support automation initiatives using Python PowerShell or similar scripting languages
Technical Skills & Tools
- Vulnerability Management: NexusIQ Fortify SonarQube
- Application Security Testing (DAST/SAST): Qualys AppSpider Bitsight
- Security Standards & Frameworks: OWASP SSDLC ISO 27001 NIST
- Technology Stack: Web applications APIs infrastructure thick clients client-server
- Ticketing & Reporting: Jira ServiceNow Power BI
- DevSecOps methodologies and practices
Languages
- English: Full professional proficiency / Mastery
- French: Basic knowledge / Reading & understanding
Soft Skills
- Strong analytical and critical-thinking skills with high attention to detail
- Excellent decision-making and prioritization capabilities
- High level of autonomy and accountability
- Strong collaboration skills across international and cross-functional teams
- Well-organized proactive and results-oriented mindset
Profile & Qualifications
- Proven experience in Application Security with at least 5 years overall and 3 years in Vulnerability Management
- Hands-on experience with CVE analysis threat intelligence and remediation tracking
- Exposure to at least two of the following areas:
- Vulnerability & penetration test report analysis
- Secure software development code review and testing
- Penetration testing
- Risk assessment
- Application or Security Architecture
- Certifications are a strong plus (e.g. CISSP CEH Security CSSLP)
- Academic Background: Masters degree in Computer Science Cybersecurity or related field
Why Join
- Work in a high-impact security role protecting enterprise-scale applications
- Be part of a mature DevSecOps and AppSec environment
- Collaborate with international teams on complex security challenges
- Opportunity to influence security strategy automation and best practices
Keywords for CV
Application Security Analyst Vulnerability ManagementAppSec DevSecOps DAST SAST CVE Threat Intelligence OWASP ISO 27001NIST Qualys AppSpider Bitsight NexusIQ Fortify SonarQube JiraServiceNow Power BI Python PowerShell Secure Coding SSDLC RiskAssessment Penetration Testing Porto Hybrid
#CI PROC26072
Required Experience:
IC
Key Skills
- Databases
- IT Experience
- Iis
- SQL
- .NET
- Microsoft SQL Server
- Visio
- Epic
- Systems Analysis
- Oracle
- Cerner
- Application Support
