Cybersecurity (Vulnerability) Analyst

As an Infrastructure Vulnerability Analyst you will work as a member of the Infrastructure Vulnerability Management team responsible for reducing our client's attack surface.

The Vulnerability Management function is very critical to the company and it is often required to work with system owners, security management, and the security operations track.

It covers a range of security disciplines from vulnerability management, access control, alert and response management through to measurement and reporting of the organization's security posture.

As a member of this team you will participate in the defense of one of the world's leading e-commerce organizations and have the opportunity to learn and develop skills in a truly world leading security practice.

• Work model: hybrid from Bucharest;
• Role duration: 1 year (maternity leave cover);

Role responsibilities:

• Support identification of vulnerabilities by enhancing vulnerability identification at process and technology level.
• Own and manage infrastructure vulnerability scanning process and tools to align with vulnerability identification KPIs.
• Support identification, triaging, assignment and remediation of infrastructure vulnerabilities ensuring that vulnerability management lifecycle is followed.
• Monitor and review cloud vulnerability and compliance vulnerability assessment findings for different cloud environments.
• Support customers by answering vulnerability management related questions and providing the guidance needed for patching.
• Monitor and review container and image scanning capabilities and conduct analysis on vulnerabilities to ensure remediation.
• Timely respond to security threats by collaboration with other security teams and provide effective remediation solutions complemented by compensatory controls.
• Work with the CSIRT on the detection and mitigation of incidents. ○ Perform validation of moderately to highly complex vulnerability security reports.
• Provide data driven insights into improvement opportunities for infrastructure vulnerability management processes.
• Prepare reports for technical teams, compliance deliverables and executive management highlighting current status of infrastructure from vulnerability management perspective.
• Work with engineering teams for effective patch management by providing highly customized reports and vulnerability metrics.
• Provide support for infrastructure penetration testing assessments and PCI compliance assessments.
• Follow up and mitigate the findings of infrastructure penetration testing assessments and PCI compliance assessments.
• Drive the remediation process to ensure vulnerable assets are patched or remediated with compensating controls within agreed SLAs.
• Proactively research new methods, tools, and strategies to effectively identify infrastructure vulnerabilities.

Job requirements:

• Bachelor's Degree or equivalent experience;
• English and Romanian fluency;
• 3-5 years working in security practices;
• Advanced level of understanding regarding systems hardening , security configuration baselines at both technical and procedural level;
• Advanced level of understanding of infrastructure vulnerability scanning tools e.g network, cloud, container and image scanning solutions;
• Experience with implementing and maintaining scanning tools for endpoints, bare-metal, cloud and containers;
• Experience with Docker and Kubernetes environment with good understanding of container and image vulnerability remediation processes;
• Excellent interpersonal and communication skills in order to share knowledge and to communicate effectively with different stakeholders (IT and business partners);
• Relevant industry certification i.e SANS - ISACA - ISC2 (a plus);
• Excellent communication skills, good analytical and negotiation skills, close attention to detail required;
• Demonstrated adaptability to change, customer focus, continuous learning, and problem solving required.

Diversity & Inclusion

Here at the Stefanini Group, we value plurality and equity, regardless of race, sexual orientation, disability, age, ancestry, religion, gender, and nationality. We understand and encourage the importance of being you!

The preceding job description had been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties and responsibilities required of employees assigned to this job.

What's next?

It's best to apply today, because job postings can be taken down and we wouldn't want you to miss this opportunity. To apply, please submit your updated English-written CV.

About Us

We are the Stefanini group, a global tech consulting company of Brazilian origin that believes in the power of people to transform businesses through technology.

We are present in over 40 countries and operate with the purpose of co-creating solutions together with our clients that accelerate results and improve the experience of people and organizations.

Here, we like to say that technology is not the end, but the means: what really matters are the people who drive it all.

Our mindset is AI First, meaning we invest in cutting-edge technology in everything we do, focusing on results for our clients.

We are a company, a group, that breathes collaboration and offers a dynamic environment where you will learn by doing, grow alongside the team, and have space to contribute with ideas and projects.

More than just talking about digital transformation, we believe in real transformation that starts with people and impacts real businesses.

If you are looking for a place to develop, innovate, and be part of something bigger, the Stefanini Group is your place.

We want to inform you that there are currently scams targeting job seekers by falsely using our company's name, Stefanini. We sincerely apologize for any confusion or inconvenience this may have caused.

Please remember that legitimate job offers from Stefanini will always come through official channels, including direct communication with our trained recruiters. If you receive any unsolicited messages requesting payment or personal information, please disregard them.

If you suspect you've been targeted, please contact us immediately at [email protected] for verification.

Key Points to Remember:

• Legitimate job offers only follow interviews conducted with our hiring managers or clients.
• We will never ask for payment at any stage of the recruitment process.

Stay vigilant and feel free to reach out for verification. Your safety and security are our top priorities. Thank you for your understanding and cooperation!