    Vulnerability Assessment Analyst (Secret)

    6 591 - 7 827 USD Net/month - B2B

    Type of work: Full-time
    Experience: Senior
    Employment Type: B2B
    Operating mode: Hybrid

    Tech stack: Cybersecurity (advanced)

    Job description

    Vulnerability Assessment Analyst

     

    Location: Kraków

    Contract Type: B2B

    Salary: 160 PLN/hour - 190 PLN/hour

    Work Model: Work from the Kraków office 3 times a month

     

    Our Technology teams work closely with global businesses to design and build digital services that allow millions of customers worldwide to bank quickly, simply, and securely. We also manage IT infrastructure, data centers, and core banking systems that power one of the world’s leading international financial institutions.

    Our multi-disciplinary Technology teams include DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project, and program managers.

    Following extensive investment across our Technology and Digital domains, with plans for continued expansion throughout 2023 and beyond, we are currently seeking a Consultant Specialist to join our Cybersecurity team within Technology.


    Brief Overview of the Business Areas

    Global Cybersecurity enables businesses and functions to manage their information, technology, and cybersecurity risks by ensuring these are well-understood, with controls appropriately defined, assessed, and implemented. Cybersecurity delivers this through objective, independent, professional, and specialized subject matter expertise. The role is part of the 1LoD (First Line of Defense) within the risk management framework.

    The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is responsible for Vulnerability Management, Secure Development (including DevSecOps), Threat and Controls Assessment (including threat modeling), and Third-Party Security Assessment. The function identifies, captures, assesses, tests/verifies, and remediates security defects, gaps, and vulnerabilities across the company's systems, on-premise, within the cloud, and those stemming from third-party engagements.


    What You Will Be Doing

    In this key role, you will provide ongoing assessment for newly identified vulnerabilities and respond to business queries regarding potential false positives, vulnerability findings, secret data types, and guidance on mitigation approaches. The primary goal is to ensure that all newly discovered vulnerabilities follow the correct risk assessment process, presenting a clear risk profile for senior stakeholders through automated reporting.

    The role reports to the Head of Vulnerability Assessment.


    Key responsibilities include:

    • Managing the review of assigned JIRA tickets, identifying potential false positives, advising on remediation, and supporting imminent threat review sessions.
    • Monitoring external threat feeds for newly reported risks.
    • Documenting remediation patterns and false positive identifications within central tools and applying them across the identified threat landscape.


    What You Will Bring to the Role

    • Proficiency in vulnerability management technologies and applications (e.g., SAST/DAST tools like Checkmarx, Netsparker, Fortify, IBM AppScan, etc.).
    • Strong knowledge of OWASP concepts, CVE, CWE, and cryptography.
    • Experience in vulnerability assessments, scoring, and ratings.
    • Hands-on experience with Dynamic Application Security Testing (DAST) and SAST.
    • Solid understanding of Secrets Management and secret data types.
    • Knowledge of programming languages like Python and Java.
    • Awareness of common threats, attacks, security protocols, and standards.
    • Strong analytical skills for timely risk assessments of vulnerabilities.
    • Familiarity with GitHub, Stash, and data platforms.
    • A proven track record of delivering high-quality results on time.
    • At least 4 years of experience in Application Security, with the ability to work in a hybrid model.

     

    Key Responsibilities:

    • Assess all newly discovered vulnerabilities to ensure the risk score accurately reflects the associated risk.
    • Review various repositories to identify secret data types and sensitive information.
    • Monitor external threat feeds to identify any newly reported external risks.
    • Manage the review of assigned JIRA tickets, determine potential false positives or mitigation approaches, and provide expert guidance on remediation.
    • Ensure all remediation patterns and false positive identifications, as well as temporary fix reviews, are clearly documented in central tools and applied across the identified threat landscape.
    • Identify critical operational paths and ensure they are followed to optimize efficiency.
    • Maintain clear accountability for key control and risk indicators related to Vulnerability Assessment and Response.
    • Support imminent threat review sessions, and deputize for the chair when required.
    • Engage with the Head of VM Ops, Reports, Vulnerability Capture, and relevant team members to review and gain approval for submissions, ensuring information requests align with the group's risk appetite.
    • Perform ad hoc tasks as needed, including support for CSAT operational activities, handling escalations, and responding to requests from various teams. 
