Application Security Analyst (Vulnerability & Management) at Inetum
Porto, Portugal
Full Time


Start Date

Immediate

Expiry Date

01 Jul, 26

Salary

0.0

Posted On

02 Apr, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Vulnerability Management, Application Security, DAST, Qualys, NexusIQ, Fortify, SonarQube, OWASP Top 10, SSDLC, Jira, ServiceNow, PowerShell, Python, Risk Assessment, Penetration Testing, DevSecOps

Industry

IT Services and IT Consulting

Description
Company Description
Inetum is a European leader in digital services, supporting organizations as they navigate continuous technological change. The company helps clients accelerate their digital transformation through a broad portfolio that includes consulting, application services, digital engineering, cloud, cybersecurity, platforms, and infrastructure services.

Job Description
This position is responsible for ensuring the ongoing security compliance of applications in production, reducing the risk of cyber‑attacks, data breaches, and service disruptions, while safeguarding the confidentiality, integrity, and availability of organizational assets.
The Application Security Analyst will regularly assess application security posture, analyze results from security testing tools (e.g. DAST), drive vulnerability remediation, and contribute to the continuous improvement of application security processes, standards, and procedures. This role involves close collaboration with development, infrastructure, security, and regional teams to embed strong security practices across the organization.

Key Responsibilities

1. Vulnerability Identification & Monitoring
Supervise and review regular vulnerability scans using tools such as Qualys, Bitsight, and similar technologies.
Monitor threat intelligence sources and security advisories (e.g. CVE databases) to identify emerging vulnerabilities and risks.
Review security compliance of production applications to ensure adherence to internal and external security standards.

2. Risk Assessment & Prioritization
Assess identified vulnerabilities based on severity, exploitability, and business impact.
Ensure defined prioritization models are followed and clearly communicate risks and impacts when remediation timelines are not met.
Support stakeholders in understanding vulnerability risk and remediation urgency.

3. Remediation Coordination
Work closely with IT, Development, Application Security, Pentest, and Regional Teams to track, remediate, or mitigate vulnerabilities.
Drive remediation activities through ticketing systems, ensuring timely application of patches, fixes, or compensating controls.
Actively follow up on open findings and escalate when necessary to meet remediation SLAs and KPIs.

4. Tracking, Reporting & Governance
Maintain accurate and up‑to‑date vulnerability data in ticketing and reporting tools (e.g. Jira, ServiceNow).
Generate regular and ad‑hoc reports and dashboards (KPIs/KRIs) for technical teams, management, and auditors.
Support compliance with security standards and frameworks such as ISO 27001, NIST, and internal AppSec policies.

5. Continuous Improvement & Advisory
Contribute to the definition, review, and upkeep of application security procedures, guidelines, and standards.
Identify opportunities to improve and automate vulnerability management processes.
Raise security awareness among IT and development teams (secure coding practices, vulnerability awareness).
Participate in incident or emergency situations requiring rapid security response and expert support.
Develop or maintain automation scripts (e.g. PowerShell, Python) to support BAU activities.

Qualifications

Vulnerability Management & AppSec Tools
NexusIQ, Fortify, SonarQube
Qualys, AppSpider, Bitsight

Security Standards & Frameworks
OWASP Top 10
SSDLC (Secure Software Development Life Cycle)

Technical Environment
Web applications, APIs, infrastructure, client-server, thick clients

Ticketing & Reporting
Jira, ServiceNow
Power BI (nice to have)

DevSecOps principles and practices
Scripting & automation (PowerShell, Python)

Experience & Qualifications

Professional Experience
Minimum 5 years in Application Security or Cybersecurity.
At least 3 years focused on Vulnerability Management.
Hands‑on experience in at least two of the following areas:
Vulnerability & penetration test report analysis
Software development, review, or testing
Penetration testing
Risk assessment
Application or security architecture

Education
Master’s degree in Computer Science, Cybersecurity, or a related field.

Certifications (preferred)
CISSP, CEH, Security+, CC or equivalent.

Language Skills
English: Fluent / Professional proficiency
French: Basic knowledge (nice to have)

Additional Information
Lisbon or Porto

Responsibilities
The Application Security Analyst is responsible for identifying, monitoring, and remediating vulnerabilities in production applications to ensure security compliance. They collaborate with cross-functional teams to drive risk assessment, reporting, and the continuous improvement of security standards.