We are looking for a Security Engineer to join our Client’s team under a hybrid work model (once per week in the office in Lisbon).

At Hexa Consulting, we are more than an IT consulting company — we are a place where technological talent grows. Based in Portugal, we value transparency and a people-first approach, helping professionals take the next big step in their IT careers. Our mission is to build strong relationships and support the development of every team member.

With projects in Nearshore, Time & Material, Service Management, and Tech Academies, you will find opportunities to learn, innovate, and grow in your career.

Work model depending on where you live:

• Within 70 km of Lisbon office — 1x per WEEK on-site
• Over 70 km of Lisbon office — 2x per MONTH on-site

Key Responsibilities:

• Operate and continuously improve the vulnerability management lifecycle, from identification to validation and closure
• Manage and maintain vulnerability scanning tools for servers, endpoints, cloud, and containerized environments
• Analyse vulnerability data, prioritize findings based on business impact, and coordinate remediation with asset owners
• Develop and maintain dashboards, metrics, and management reports related to vulnerability status and risk exposure
• Support compliance initiatives related to ISO 27001, NIS2, and internal audit requirements
• Collaborate with DevSecOps and Infrastructure teams to automate scanning and patch validation workflows
• Participate in threat and vulnerability assessments for new systems and third-party integrations

Required Qualifications:

• 3 – 5 years of experience in cybersecurity engineering, vulnerability management, or system hardening
• Solid knowledge of common vulnerability scanning tools such as Tenable, Qualys, Rapid7, or OpenVAS
• Strong understanding of system and network security fundamentals across Linux, Windows, and cloud platforms (AWS, Azure)
• Strong analytical skills with the ability to interpret complex data and communicate findings clearly
• Proficiency in English, both written and spoken
• Experience with ticketing systems and risk tracking tools for vulnerability remediation workflows
• Experience with project management practices or methodologies
• Bachelor’s degree in Information Security, Computer Science, or equivalent professional experience

Preferred Qualifications:

• Industry certifications such as CompTIA Security+, CEH, GSEC, or Vendor Certified Practitioner
• Familiarity with SIEM platforms, configuration management, or threat intelligence integration
• Experience working in enterprise or multinational environments
• Scripting or automation experience using Python, PowerShell, or Bash

Why Join Us?

• Contract Type: Permanent / Employment or B2B, according to preference
• Health Insurance: Comprehensive coverage for your well-being
• Hybrid Model: Flexible hybrid work arrangement
• Continuous Learning: Access to a Udemy Business subscription with thousands of courses and workshops
• Team Culture: A collaborative, relaxed, and innovative environment

If you meet the above criteria and are ready for an exciting opportunity in a dynamic environment, send us your CV!