Apprentice Vulnerability Analyst (F/M/X)
Summary of the role
You will learn how to become a highly analytical and threat-aware Vulnerability Analyst within our cybersecurity team. This role is focused on tracking, analyzing, and contextualizing vulnerabilities, and on taking the lead on the actions needed to improve Equans' security posture. Reporting to the Head of Active Defense, the Vulnerability Analyst will be a key member of the Vulnerability Management & Compliance Team (VMCT), which is responsible for monitoring and managing vulnerabilities across the Equans perimeters that are under the SLS Cyberdefense scope.
KEY RESPONSIBILITIES
- Track and analyze newly disclosed vulnerabilities (CVEs) with a focus on exploitation in the wild.
- Stay current with public advisories, vendor bulletins, and security research to identify relevant threats.
- Assess vulnerabilities in the context of our technology stack, architecture, and Equans business activities.
- Prioritize vulnerabilities based on exploitation likelihood, threat actor interest, relevance to our environment, and potential impacts.
- Analyze attackers' TTPs to identify exploited vulnerabilities and anticipate their remediation.
- Maintain a curated list of high-risk vulnerabilities and provide actionable insights to remediation teams.
- Collaborate with stakeholder teams to support mitigation strategies.
- Produce concise, high-impact reports and briefings for technical and leadership audiences.
- Work with patch managers of different business units and act as an advisor across the vulnerability remediation cycle.
- Support vulnerability scanning and penetration testing efforts.
- Participate in committees (WOCC) as a vulnerability referent.
- Collaborate with CSIRT, threat hunting, incident response, and threat management teams.
Vulnerability Monitoring & Intelligence Gathering:
- Continuously monitor trusted sources (e.g. NVD, CISA KEV, vendor advisories, threat intel feeds) for newly disclosed CVEs as well as newly exploited ones.
- Track and assess vulnerabilities relevant to the organization's network perimeters.
Exploitation tracking:
- Monitor for PoC exploits or active exploitation in the wild.
- Coordinate with Equans CSIRT to detect signs of exploitation and improve threat hunting capabilities.
Impact assessment:
- Analyze the technical details of every CVE of interest.
- Evaluate the potential impact on the organization's assets, systems, and services.
- Prioritize vulnerabilities based on risk (CVSS, exploitability, asset criticality).
Contextualization for the organization:
- Map vulnerabilities to the organization's technology stack (e.g. OS, applications, firmware, cloud services).
- Collaborate with IT and business units to identify affected systems.
- Provide tailored risk assessments and remediation recommendations.
Reporting & Communications:
- Create clear, actionable vulnerability reports for technical and non-technical stakeholders.
- Create and maintain a vulnerability remediation catalogue.
- Communicate analyses verbally to stakeholders.
PROFILE
Academic background & Experience
- Internship
- Engineering school Master M1
- Professional English required
Behavioral Capabilities
- Strong collaboration skills, working seamlessly with cross-functional teams such as IT, security, and compliance.
- Results-driven, with a focus on delivering high-quality solutions and achieving business objectives.
- Highly organized, with the ability to manage multiple projects and prioritize tasks effectively.
- Comfortable working in a multicultural, distributed team.
Skills
- Participate in the improvement and development of process and procedure documentation.
- Ability to multi-task and prioritize.
- Proactive operation mindset.
- Curious, with good verbal and written communication skills.
- Ability to remain resilient and responsive during critical vulnerability disclosures, ensuring swift analysis and action under time-sensitive conditions.
Why Join Us
- Global Impact: Influence identity governance across a multinational company.
- Challenging Projects: Work on cutting-edge IGA initiatives with real business impact.
- Career Growth: Opportunity to evolve into IAM leadership or architecture roles.
- Collaborative Culture: Work with experts in cybersecurity, cloud, and compliance.