Vulnerability Management Analyst & Automation specialist

The main responsibilities:

• Actively contributes to the configuration of the detection tool to the permanent quality assessment of this configuration and of linked processes (coverage etc.); in this context you proactively identify potential gaps and propose remediations when needed
• Actively contributes to internal control related to the area of activity and takes responsibility for part of the automation.
• Creates / maintains necessary documentation and procedures.
• Assists in high-risk vulnerability assessments (in collaboration with the Threat Intelligence team and Risk Management)
• Supports Vulnerability prioritisation with analysis and assessment of vulnerability and configuration compliance data; identifies high risk vulnerabilities or false positives
• Assists in findings clarifications for trends in vulnerability scan results and for (active) threats requiring investigation.
• Collaborates with Patch Orchestration Team to get insights and assurance on high-risk remediation.
• Collaborates and exchange relevant information with relevant teams like Threat Intel team Pentest team Application Security team or Customer Risk team.
• Provides on demand information to stakeholders.

In this role you will be involved in the endtoend process from vulnerability detection to remediation. Within the team your focus will be on:

1. Participating in the configuration of tools mainly (but not exclusively) for compliance checks including the automation of certain CIS baseline assessments; ensuring that operational activities related to these checks are properly documented and executed.
2. Actively contributing to the automation of quality assessment controls using Python scripts.
3. Performing vulnerability and threat assessments primarily in collaboration with the Cyber Threat Management team and the Pentest team.
4. Acting as a subject matter expert sharing your knowledge with the team and providing expert advice to the Security Exception Review Board.

The ideal candidate also has strong logical reasoning skills. He/She has experience in control automation and in developing python scripts; the experience in creating Ansible playbooks is a real asset. He/She has a solid understanding of vulnerability management activities (prioritization etc.).
The candidate is willing to work an average of at least two days per week onsite at the companys premises with the remaining days worked remotely.

Technical skills

• Good understanding of security practices and risk management
• Python scripting is a must / Experience with Ansible is a serious plus
• Knowledge of vulnerability management (exploitability attack vectors etc.)

On top following technical skills are a plus

• Basic understanding of Network security (firewalls IDS/IPS load balancers and network access controls that affect vulnerability assessment routing network segmentation)
• Hands on experience with vulnerability scanning tool (Rapid7 InsightVM is a plus)
• Knowledge of MS Defender is considered a plus
• Any proven Microsoft AZ-500 certification is a plus
• Unix/Linux and Windows Operating Systems and general security practices (proven experience in these domains is a plus)
• SQL querying is a plus
• Experience in auditing is a plus
• CISSP GIAC CEH COMPTIA or other relevant security certification is a plus
  

Soft skills

• Integrity collective ownership and curiosity are core values you embody. Your approach to work is guided by a deep respect for your colleagues.
• Ability to self-reflect and to never consider anything as final or set in stone.
• Team-player; in this role you will closely work together with the other members of your team. As such an open respectful and constructive communication is required and willingness to work towards the common team goals as first priority.
• Analytical; Be able to analyse complex data identify priority solutions to implement and vulnerabilities to remediate. Gain understanding of threat levels.
• Pro-activeness monitor quality of what we deliver and identify improvements where needed ensure qualitative documentation be transparent on difficulties you encounter keep track of your tasks and report pro-actively on status
• Customer friendliness is important as you will have interactions with various stakeholders on different levels.
• Be a good communicator in English both verbal and written; French or Dutch is a plus
• Be able to work independently responsibly and professionally with highly confidential information.
  

#LI-YK1