Vulnerability Management Analyst

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.

CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.

We are seeking a skilled and proactive Vulnerability Management Analyst to join our security team. In this role, you’ll lead day-to-day operations of vulnerability assessment and remediation efforts for different clients, in a small team while working hands-on with tools like CrowdStrike or MDVM. Your sharp analysis, technical precision, and mentoring mindset will directly impact our enterprise security posture.

Your main tasks and accountabilities will be:

• Lead and oversee vulnerability assessment scans using tools such as CrowdStrike, MDVM and Qualys, ensuring accurate execution and timely delivery.
• Configure and schedule scans, interpret assessment findings, and support ongoing remediation efforts in collaboration with stakeholders.
• Manage and maintain up-to-date vulnerability, asset, and configuration databases.
• Perform continuous asset discovery and ensure scan coverage remains comprehensive and consistent.
• Prioritize vulnerabilities based on criticality, exploitability, and potential business impact.
• Mentor junior analysts in scan execution, findings interpretation, and communication protocols.
• Escalate risks and coordinate mitigation tasks as per established security policies and response playbooks.
• Ensure adherence to company and customer information security standards and regulatory compliance.

What do we expect from you?

• Proven experience in vulnerability management, including configuring and operating CrowdStrike, MDVM and Qualys platforms.
• Familiarity with CVSS scoring, patch management cycles, and vulnerability lifecycle workflows.
• Strong analytical skills with an ability to translate complex technical findings into actionable risk narratives.
• Experience in stakeholder handling.
• Experience working in hybrid cloud or enterprise environments is a plus.
• Certifications like CompTIA Security+, CEH, or Qualys Vulnerability Management Specialist are advantageous.
• Fluent in English

What do we offer?

• 23 days of Annual Leave plus the 24th and 31st of December as discretionary days.
• Remote work within Spain. Preferred location Barcelona as part of the team is in Barcelona and so you could benefit from different team building activities that we do in the team.
• Numerous benefits (Heath Care Plan, teleworking compensation, Life and Accident Insurances).
• `Retribución Flexible´ Program: (Meals, Kinder Garden, Transport, online English lessons, Heath Care Plan…)
• Free access to several training platforms
• Professional stability and career plans
• Referral program
• The option to pick between 12 or 14 payments along the year.
• Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime…)