Junior Cybersecurity Analyst

Role: Junior Cybersecurity Analyst

Skills: PCI-DSS & Vulnerability Management

Location: Madrid Spain

Type: Permanent

We are at Coforge hiring for Junior Cybersecurity Analyst with PCI-DSS & Vulnerability Management

Profile Summary

Junior Cybersecurity professional with foundational knowledge of PCI-DSS and ISO 27001 standards, focused on supporting the Cyber Champion and the Security team in vulnerability management activities, remediation plan tracking, and coordination with technical teams.

Key Responsibilities

• Support the Cyber Champion in tracking vulnerability-related tasks, prioritizing those impacting PCI-DSS compliance.
• Collaborate in monitoring vulnerabilities identified by tools such as:
• Wiz
• Qualys
• Amazon Guard Duty
• Amazon Inspector
• Review, log, and track:
• Critical and high vulnerabilities in PCI environments
• Remediation evidence requested during PCI-DSS audits
• Internal SLA deadlines and audit requirements
• Assist in the initial analysis of vulnerability impact and classification (CVSS, NVD, PCI context).
• Update tracking dashboards and reports using Excel, Power BI, or internal tools.
• Support activities related to PCI-DSS control compliance, including:
• 6.x (Secure development and vulnerability management)
• 11.x (Security testing)
• 12.x (Governance and documentation)
• Follow up with infrastructure and development teams on assigned tasks to manage:
• Pending patches
• Configuration updates
• Audit evidence for PCI compliance
• Participate in follow‑up meetings (Teams and/or in person).
• Prepare meeting minutes.

Technical Knowledge

Regulations and Standards

• Fundamentals of PCI-DSS (latest version).
• Knowledge of ISO/IEC 27001:2022 and its controls.
• Knowledge of OWASP.
• Understanding of the vulnerability management lifecycle.
• Knowledge of SDLC (Software Development Life Cycle).

Security and Tools

• Basic knowledge of:
• CVE, CVSS, NVD, MITRE
• Risk and criticality concepts
• Basic hardening (OS, cloud, applications)
• Initial experience with tools for:
• Vulnerability management (AWS, Wiz, Qualys)
• Ticketing systems (Jira, ServiceNow)

Cloud and Systems

• AWS and Azure (AWS CLI, AWS Console, MS PowerShell).
• Linux and Windows operating systems (fundamentals).
• Networking and essential ports to understand findings.
• Kong, Keycloak, Spring Cloud Gateway (basic knowledge).

Core Competencies

• Strong attention to detail when tracking vulnerabilities and evidence.
• Analytical thinking to prioritize risks.
• Continuous learning mindset regarding compliance standards.
• Clear communication with technical and audit teams.
• Time management and organization to handle multiple tasks.
• Compliance‑ and documentation‑oriented mindset.

Education

Degree or vocational training in:

• Computer Engineering
• Cybersecurity
• Systems or Telecommunications
• Or similar fields

Languages

• English B2 level (preferred).

Certifications (Desirable, not mandatory)

• AWS Cloud Practitioner
• PCI-DSS Foundations
• ISO 27001:2022 Foundations
• NIS2 Foundations