Vulnerability Assessment Analyst (Secret)

at  ITDS Business Consultants

JOIN US, AND PROTECT CRITICAL ASSETS WITH STRATEGIC VULNERABILITY ANALYSIS!

Krakow-based opportunity with the possibility to work 100% remotely!
As a Vulnerability Assessment Analyst (Secret), you will be working for our client, a prominent global financial institution. The client focuses on managing information, technology, and cybersecurity risks through a comprehensive risk management framework. The Cybersecurity Assessment and Testing (CSAT) function within this organization drives the identification, assessment, and remediation of security vulnerabilities across various platforms. You will be playing a crucial role in ensuring the effectiveness of these processes by providing expert guidance and managing vulnerability assessments.

YOUR MAIN RESPONSIBILITIES:

• Managing the review of assigned JIRA tickets, determining potential false positives, and advising on mitigation approaches
• Supporting imminent threat review sessions and deputizing for the chair when required
• Monitoring external threat feeds to identify newly reported risks
• Ensuring clear documentation of identified patterns for remediation or false positives within central tools
• Assessing all newly discovered vulnerabilities to verify risk scores
• Reviewing repositories to identify secret data types and sensitive information
• Identifying critical operational paths to ensure efficient processes
• Engaging with relevant team members to review and align information requests with the group risk appetite
• Handling escalations and requests from various teams as required
• Providing expert guidance on vulnerability remediation and mitigation strategies

YOU’RE IDEAL FOR THIS ROLE IF YOU HAVE:

• Proficiency with vulnerability management technologies (e.g., SAST/DAST such as Checkmarx, Netsparker, Fortify)
• Strong knowledge of OWASP concepts, CVE, CWE, and cryptography
• Experience with Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST)
• A solid understanding of secret management and secret data types
• Programming skills in languages like Python and Java
• Knowledge of common threats, attacks, security protocols, and standards
• Strong analytical skills for timely risk assessments
• Proven ability to deliver high-quality work on time
• Minimum of 4 years of experience in application security
• Ability to work in a hybrid routine and maintain a high level of personal integrity