Vulnerability Assessment Analyst (Secret)

  • Hybrid
  • English
  • Banking
  • Regular
  • Agile/Scrum

Join us, and protect critical assets with strategic vulnerability analysis!

Krakow-based opportunity with the possibility to work 80% remotely!

As a Vulnerability Assessment Analyst (Secret), you will be working for our client, a prominent global financial institution. The client focuses on managing information, technology, and cybersecurity risks through a comprehensive risk management framework. The Cybersecurity Assessment and Testing (CSAT) function within this organization drives the identification, assessment, and remediation of security vulnerabilities across various platforms. You will be playing a crucial role in ensuring the effectiveness of these processes by providing expert guidance and managing vulnerability assessments.

Your main responsibilities:

  • Managing the review of assigned JIRA tickets, determining potential false positives, and advising on mitigation approaches
  • Supporting imminent threat review sessions and deputizing for the chair when required
  • Monitoring external threat feeds to identify newly reported risks
  • Ensuring clear documentation of identified patterns for remediation or false positives within central tools
  • Assessing all newly discovered vulnerabilities to verify risk scores
  • Reviewing repositories to identify secret data types and sensitive information
  • Identifying critical operational paths to ensure efficient processes
  • Engaging with relevant team members to review and align information requests with the group risk appetite
  • Handling escalations and requests from various teams as required
  • Providing expert guidance on vulnerability remediation and mitigation strategies

You’re ideal for this role if you have:

  • Proficiency with vulnerability management technologies (e.g., SAST/DAST such as Checkmarx, Netsparker, Fortify)
  • Strong knowledge of OWASP concepts, CVE, CWE, and cryptography
  • Experience with Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST)
  • A solid understanding of secret management and secret data types
  • Programming skills in languages like Python and Java
  • Knowledge of common threats, attacks, security protocols, and standards
  • Strong analytical skills for timely risk assessments
  • Proven ability to deliver high-quality work on time
  • Minimum of 4 years of experience in application security
  • Ability to work in a hybrid routine and maintain a high level of personal integrity

It is a strong plus if you have:

  • Hands-on experience with GitHub, Stash, and Data Platforms
  • A proactive, independent, and collaborative team player attitude
  • Outstanding organizational skills and a process-oriented mindset
  • Experience in supporting operational activities and handling escalations

#GETREADY to meet with us!

We would like to meet you. If you are interested, please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can also apply by sending us an email at recruitment@itds.pl.

Internal number #6025

Benefits

Access to +100 projects
Access to Healthcare
Access to Multisport
Training platforms
Access to Pluralsight
Make your CV shine
B2B or Permanent Contract
Flexible & remote work
Flexible hours and remote work
