Application Security Analyst (Vulnerability & Management)
Job Summary
This position is responsible for ensuring the ongoing security compliance of applications in production, reducing the risk of cyberattacks, data breaches and service disruptions while safeguarding the confidentiality, integrity and availability of organizational assets.
The Application Security Analyst will regularly assess application security posture, analyze results from security testing tools (e.g. DAST), drive vulnerability remediation and contribute to the continuous improvement of application security processes, standards and procedures.
This role involves close collaboration with development, infrastructure, security and regional teams to embed strong security practices across the organization.
Key Responsibilities
1. Vulnerability Identification & Monitoring
- Supervise and review regular vulnerability scans using tools such as Qualys, Bitsight and similar technologies.
- Monitor threat intelligence sources and security advisories (e.g. CVE databases) to identify emerging vulnerabilities and risks.
- Review security compliance of production applications to ensure adherence to internal and external security standards.
2. Risk Assessment & Prioritization
- Assess identified vulnerabilities based on severity, exploitability and business impact.
- Ensure defined prioritization models are followed and clearly communicate risks and impacts when remediation timelines are not met.
- Support stakeholders in understanding vulnerability risk and remediation urgency.
3. Remediation Coordination
- Work closely with IT, Development, Application Security, Pentest and Regional Teams to track, remediate or mitigate vulnerabilities.
- Drive remediation activities through ticketing systems, ensuring timely application of patches, fixes or compensating controls.
- Actively follow up on open findings and escalate when necessary to meet remediation SLAs and KPIs.
4. Tracking, Reporting & Governance
- Maintain accurate and up-to-date vulnerability data in ticketing and reporting tools (e.g. Jira, ServiceNow).
- Generate regular and ad hoc reports and dashboards (KPIs/KRIs) for technical teams, management and auditors.
- Support compliance with security standards and frameworks such as ISO 27001, NIST and internal AppSec policies.
5. Continuous Improvement & Advisory
- Contribute to the definition, review and upkeep of application security procedures, guidelines and standards.
- Identify opportunities to improve and automate vulnerability management processes.
- Raise security awareness among IT and development teams (secure coding practices, vulnerability awareness).
- Participate in incident or emergency situations requiring rapid security response and expert support.
- Develop or maintain automation scripts (e.g. PowerShell, Python) to support BAU activities.
Qualifications:
- Vulnerability Management & AppSec Tools
  - NexusIQ, Fortify, SonarQube
  - Qualys, AppSpider, Bitsight
- Security Standards & Frameworks
  - OWASP Top 10
  - SSDLC (Secure Software Development Life Cycle)
- Technical Environment
  - Web applications, APIs, infrastructure, client-server, thick clients
- Ticketing & Reporting
  - Jira, ServiceNow
  - Power BI (nice to have)
- DevSecOps principles and practices
- Scripting & automation (PowerShell, Python)
Experience & Qualifications
Professional Experience
- Minimum 5 years in Application Security or Cybersecurity.
- At least 3 years focused on Vulnerability Management.
- Hands-on experience in at least two of the following areas:
  - Vulnerability & penetration test report analysis
  - Software development, review or testing
  - Penetration testing
  - Risk assessment
  - Application or security architecture
Education
- Master's degree in Computer Science, Cybersecurity or a related field.
Certifications (preferred)
- CISSP, CEH, Security CC or equivalent.
Language Skills
- English: Fluent / Professional proficiency
- French: Basic knowledge (nice to have)
Additional Information:
Lisbon or Porto
Remote Work:
No
Employment Type:
Full-time
About Company
Inetum is a European leader in digital services. Inetum's team of 28,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum's solutions aim at contributing to its clients' performance and innovation as well ...