Vulnerability Assessment Analyst

Main tasks:

• Assessments of all newly discovered vulnerabilities, to assess if the provided risk score is correctly reflecting the risk to HSBC.
• Reviewing of several repositories to identify the secret data types and sensitive information.
• Monitoring external threat feeds to identify any newly reported external risks.
• Managing the review of assigned JIRA tickets, determining potential false positive and/ or mitigation on approaches, and providing expert guidance/ advice on remediation.
• Ensuring all patterns identified for remediation and/ or false positive identification, Temp fix reviews are clearly documented within the central tools and applied across the HSBC identified threat estate.
• Identify critical paths of operation and ensure that they are followed to provide the most streamlined and efficient method of operating.
• Clear accountability of the Vulnerability Assessment and Response key control indicators and key risk indicators.
• Supporting Imminent threat review sessions, and deputising for the chair when required.
• Engaging with the Head of VM Ops, Reports, Vulnerability Capture, and relevant team members to review and gain approval for submissions and ensure information requests are aligned with the group risk appetite providing the expected responses.
• Adhoc tasks as required; including support to CSAT operational activities, handling escalations and requests from any team or angle.

Required skills:

• Proficient with Vulnerability management technologies and their applications (e.g., SAST/DAST (Checkmarx, Netsparker, Fortify, IBM AppScan, etc.).
• Strong Knowledge of OWASP concepts and CVE, CWE’s, Cryptography.
• Vulnerability assessments, scoring and ratings and how they are applied.
• Knowledge and Hands on experience of Dynamic Application Security Testing (DAST) & SAST.
• A solid understanding of Secrets Management and Secret data types.
• Programming skills and knowledge of programming languages like Python, Java
• Knowledge about common threats and attacks.
• Understanding of security protocols and standards.
• Strong analytical skills to enable risk assessments of vulnerabilities to be executed in a timely manner.
• Self-motivated and possessing of a high sense of urgency and personal integrity.
• Process orientated, outstanding organizational skills.
• Knowledge of GitHub, Stash and Data Platforms.
• Proven track record on delivering activities on time to a high standard.
• High level of integrity and strong ethical values.
• Pro-active, independent, collaborative team player with a positive attitude.
• Ability to work in Hybrid routine.

We offer:

• A full-time contract (B2B also possible)
• Stable and long-term cooperation
• Well-defined career path at the European leader in engineering & IT consulting
• Participation in company conferences, trainings, workshops, integration meetings, etc.
• Certification and training opportunities
• Opportunity to relocate and work in different ALTEN Polska branches
• After completion of the project, opportunity to engage in a subsequent one within the company.
• Introduction and cooperation with dedicated Business Development Manager