Join us, and protect critical assets with strategic vulnerability analysis!
Krakow-based opportunity with the possibility to work 80% remotely!
As a Vulnerability Assessment Analyst (Secret), you will be working for our client, a prominent global financial institution. The client focuses on managing information, technology, and cybersecurity risks through a comprehensive risk management framework. The Cybersecurity Assessment and Testing (CSAT) function within this organization drives the identification, assessment, and remediation of security vulnerabilities across various platforms. You will be playing a crucial role in ensuring the effectiveness of these processes by providing expert guidance and managing vulnerability assessments.
Your main responsibilities:
- Managing the review of assigned JIRA tickets, determining potential false positives, and advising on mitigation approaches
- Supporting imminent threat review sessions and deputizing for the chair when required
- Monitoring external threat feeds to identify newly reported risks
- Ensuring clear documentation of identified patterns for remediation or false positives within central tools
- Assessing all newly discovered vulnerabilities to verify risk scores
- Reviewing repositories to identify secret data types and sensitive information
- Identifying critical operational paths to ensure efficient processes
- Engaging with relevant team members to review and align information requests with the group risk appetite
- Handling escalations and requests from various teams as required
- Providing expert guidance on vulnerability remediation and mitigation strategies
You’re ideal for this role if you have:
- Proficiency with vulnerability management technologies (e.g., SAST/DAST such as Checkmarx, Netsparker, Fortify)
- Strong knowledge of OWASP concepts, CVE, CWE, and cryptography
- Experience with Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST)
- A solid understanding of secret management and secret data types
- Programming skills in languages like Python and Java
- Knowledge of common threats, attacks, security protocols, and standards
- Strong analytical skills for timely risk assessments
- Proven ability to deliver high-quality work on time
- Minimum of 4 years of experience in application security
- Ability to work in a hybrid routine and maintain a high level of personal integrity
It is a strong plus if you have:
- Hands-on experience with GitHub, Stash, and Data Platforms
- A proactive, independent, and collaborative team player attitude
- Outstanding organizational skills and a process-oriented mindset
- Experience in supporting operational activities and handling escalations
#GETREADY to meet with us!
We would like to meet you. If you are interested, please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can also apply by sending us an email at recruitment@itds.pl.
Internal number #6025
Address:
SKYLIGHT BUILDING | ZŁOTA 59 | 00-120 WARSZAWA
BUSINESS LINK GREEN2DAY BUILDING | SZCZYTNICKA 11 | 50-382 WROCŁAW
Contact:
INFO@ITDS.PL
+48 883 373 832