Vulnerability Analyst

Our mission is to help people integrate technology into everyday life and to enable innovation through technology.

We offer software development and infrastructure solutions, with advanced competences in Blockchain, Artificial Intelligence and Machine Learning. All our offices (in Western Europe or nearshore, in CEE) are located within the boundaries of the European Union.

We believe working in close cooperation with our clients and employees is the key to success; this means we offer people the best working environment in order to achieve the best results. We love entrepreneurial spirits and encourage people around us to be proactive and make the best decisions not only for business, but for their own personal development.

Our nearshore Romanian offices are in Bucharest (Victoriei Square) and Iasi (Palace) and, with over 9000 team members at group level, we make sure we are always close to our customers.

What you will be working on:

As an Infrastructure Vulnerability Analyst you will work as a member of the Infrastructure

Vulnerability Management team responsible for reducing Booking.com’s attack surface.

The Vulnerability Management function is very critical to the company and it is often

required to work with system owners, security management, and the security operations

track. It covers a range of security disciplines from vulnerability management, access

control, alert and response management through to measurement and reporting of the

organization's security posture. As a member of this team you will participate in the

defense of one of the world's leading e-commerce organizations and have the

opportunity to learn and develop skills in a truly world leading security practice.

What you will do:

● Support identification of vulnerabilities by enhancing vulnerability identification at

process and technology level.

● Own and manage infrastructure vulnerability scanning process and tools to align

with vulnerability identification KPIs.

● Support identification, triaging, assignment and remediation of infrastructure

vulnerabilities ensuring that vulnerability management lifecycle is followed.

● Monitor and review cloud vulnerability and compliance vulnerability assessment

findings for different cloud environments.

● Support customers by answering vulnerability management related questions

and providing the guidance needed for patching.

● Monitor and review container and image scanning capabilities and conduct

analysis on vulnerabilities to ensure remediation.

● Timely respond to security threats by collaboration with other security teams and

provide effective remediation solutions complemented by compensatory

controls.

○ Work with the CSIRT on the detection and mitigation of incidents.

○ Perform validation of moderately to highly complex vulnerability security

reports.

○ Provide data driven insights into improvement opportunities for

infrastructure vulnerability management processes.

○ Prepare reports for technical teams, compliance deliverables and

executive management highlighting current status of infrastructure from

vulnerability management perspective.

○ Work with engineering teams for effective patch management by

providing highly customized reports and vulnerability metrics.

○ Provide support for infrastructure penetration testing assessments and

PCI compliance assessments.

○ Follow up and mitigate the findings of infrastructure penetration testing

assessments and PCI compliance assessments.

○ Drive the remediation process to ensure vulnerable assets are patched or

remediated with compensating controls within agreed SLAs.

○ Proactively research new methods, tools, and strategies to effectively

identify infrastructure vulnerabilities

Requirements:

● Bachelor's Degree or equivalent experience

● 3-5 years working in security practices.

● Advanced level of understanding regarding systems hardening , security

configuration baselines at both technical and procedural level.

● Advanced level of understanding of infrastructure vulnerability scanning tools e.g

network, cloud, container and image scanning solutions.

● Experience with implementing and maintaining scanning tools for endpoints,

bare-metal, cloud and containers.

● Experience with Docker and Kubernetes environment with good understanding

of container and image vulnerability remediation processes.

● Excellent interpersonal and communication skills in order to share knowledge

and to communicate effectively with different stakeholders (IT and business

partners).

● Relevant industry certification i.e SANS - ISACA - ISC2 (a plus)

● Excellent communication skills, good analytical and negotiation skills, close

attention to detail required.

● Demonstrated adaptability to change, customer focus, continuous learning, and

problem solving required

Once on board we offer various programs and benefits

• 22 working days as Annual Vacation plus 3 additional days off.
• Floating days
• Medical Insurance at Signal Iduna.
• Benefit Online platform access, with a 690 RON monthly allowance from which you can choose to invest in different wellbeing, financial or retail packages.
• Company performance-based annual bonus prorated according to the number of worked months in a year
• Financial support for the birth of your child or unhappy events.

Learning and development opportunities - allocated budget for certifications and/or trainings