Vulnerability Management Engineer
hace 3 semanas
We are a cutting-edge e-commerce company. Our creative, smart and dedicated teams pool their knowledge and experience to find the best solutions to meet project needs, while maintaining sustainable and long-lasting results. How do we achieve this? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative and respectful culture.
The RoleThis is a highly visible role You will protect our infrastructure by analyzing, remediating, and monitoring breaches, issues, incidents, and vulnerabilities. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization.
Main responsibilities for this Role
- Vulnerability Management & SecOps Engineer will be responsible for following (but not limited to) responsibilities in day-to-day work:
- Keep and improve the Vulnerability Management Program of the company.
- A focal point of contact for Vulnerability scanning schedule, configuration in a tool, and execution as per the schedule. Any failure of scans is to be investigated and scheduled to be re-run.
- Administration of Qualys Vulnerability Management, Detection & Response (VMDR) and using its various features to enable and support the Vulnerability Management Program.
- Usage of ManageEngine EndPoint Central, New Relic, and any other tools available in the company in order to take advantage of their features to improve the Vulnerability Management Program and Metrics.
- Conducts periodical discovery of IT Assets, ensures that identified assets are appropriately tagged, and includes the new assets in the Vulnerability Management tool.
- Assess the identified vulnerabilities and study & understand the risk profile and impact.
- Identify any false positives reported and the technical limitations of the vulnerability in the environment and be able to declare and manage it within the Qualys tool.
- Keep and improve existing scripts to process vulnerability results (i.e. to automatically import them into Jira while matching existing data in Axonius ).
- Facilitate the process of Risk Acceptance, wherever needed. The candidate will be responsible to coordinating with various stakeholders for proposing, seeking and maintaining the approvals for such cases.
- Perform Penetration Tests following OWASP and using tools such as Burp Suite or ZAP.
- Develop and manage a bug bounty program (i.e. write the security researcher conditions, review received vulnerabilities, etc.).
- Manage vulnerabilities reported by corporate antivirus (i.e. Crowdstrike).
- Collaborate with Infrastructure teams (Windows, Linux, Networks, etc.) for the remediation/mitigation of the identified vulnerabilities.
- Maintain the Vulnerability Dashboard for the scope and submits reports to both technical teams and Management.
- Keep and improve the existing server hardening guides, to avoid recurring vulnerabilities.
- Organize work to achieve compliance with established KPIs for Vulnerability Management and proactively work towards achieving the same.
- Maintain periodical reporting on the progress. Escalate -discuss and consult- as required to next levels and Management in a timely manner.
- Participate in meetings with various stakeholders as per the schedules.
- Liaise with different teams in different geographical zones.
- Propose, plan, and execute vulnerability service/security service improvement initiatives. Adhere to different policies set out by the organization. Follow and improve existing procedures.
- Keep your work organized based on tickets (Jira). Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary.
- Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities.
- Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability.
- Help the organization understand advanced cyber threats.
- Possibility to perform on-call after working hours and weekends.
- Five years of a university degree or four-year college diploma is required, preferably in computer science, telecommunications, or other related academic fields. Or equivalent work experience.
- English & Spanish: Full professional proficiency
- Must have working experience administering and operating Qualys VMDR for a large enterprise.
- Working and hands-on experience in running a Vulnerability Management process.
- Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in operating systems (Windows and Linux), networks, databases, and application servers.
- Good understanding of Reporting needs at various levels of organization and ability to design, create, and present the same.
Reading comprehension: You must be able to read and understand the existing procedures, and the tasks assigned on tickets. This is crucial for you to work under minimal supervision and excel. If you are a technical guru but don't understand the assigned tasks in writing, or don't clarify doubts, this is not your job.
Organization: This position is 50% recurring tasks (i.e. reviewing weekly vulnerability scans), 30% research tasks (i.e. identifying why a vulnerability scan isn't working as expected and solving it together with other teams), 10% chasing other teams (i.e. ensuring that a vulnerability is remedied), and 10% procedures (i.e. improving existing procedures).
Priorization: You must attend the priorities on the assigned tasks and assign the right priority to the discovered vulnerabilities.
Bonus points for the following
Additional requirements, not essential but "nice to have".
- Any Penetration Testing certification (i.e. CEH, OSCP, GPEN, Pentest+).
- Any Vulnerability Management certification.
- Any Qualys certification. Knowledge on CDN and WAF usage and configuration (i.e. Cloudflare, Imperva).
- Experience in working with Splunk as a SIEM.
We will give you the opportunity to be the best version of yourself, develop professionally and create strong working relationships working remote or on site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do.
We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home....
- Competitive remuneration package
- FLEXIBLE WORKING CULTURE: 100% teleworking
- Flexible working schedule
- Intensive summer working hours
- Medical Insurance
- Dental Insurance
- Flexible Compensation (tiquet Restaurant, kindergarten, transport)
- Referral Scheme per referral hired
- Career plan designed by and for you
- Very good atmosphere among colleagues
If this sounds like the place for you, don’t hesitate to contact usAbout us
We are an international team of tech professionals that build some of the best digital entertainment and e-commerce products in the business.
As a full-stack design and development company we deliver high quality application and web experiences for our network of players around the world.
-
Senior Vulnerability Management Engineer
hace 4 semanas
Madrid, España Celonis A tiempo completoThe Role: As a leading player in Process Mining technology, Celonis is seeking an experienced Senior Vulnerability Management Engineer to be an integral part of our world-class Security Engineering Team. This role is pivotal in safeguarding Celonis' cloud-native and on-prem infrastructure by identifying, assessing, and prioritizing vulnerabilities. The work...
-
Senior Vulnerability Management Engineer
hace 7 días
Madrid, Madrid, España Celonis A tiempo completoWe're Celonis, the global leader in Process Mining technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes - and for that, we need you to join us.The Role:As a leading player in Process Mining technology, Celonis is...
-
Senior Vulnerability Management Engineer
hace 7 días
Madrid, España Celonis A tiempo completoWe're Celonis, the global leader in Process Mining technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes - and for that, we need you to join us. The Role: As a leading player in Process Mining technology, Celonis...
-
Senior Vulnerability Management Engineer
hace 4 semanas
Madrid, España Celonis A tiempo completoWe're Celonis, the global leader in Process Mining technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes - and for that, we need you to join us. The Role: As a leading player in Process Mining technology, Celonis...
-
Vulnerability Management Specialist
hace 7 días
Madrid, España IAG Tech A tiempo completoJob DescriptionJob Description: As a Vulnerability Management Specialist, you will be responsible to coordinate and conduct the remediation and mitigating strategy of the security vulnerabilities within our organization's systems and networks. As part of the Iberia CyberSecurity team, you will play a critical role in ensuring the security posture of our...
-
Senior Vulnerability Management Analyst
hace 5 días
Madrid, España Swiss RE A tiempo completoJoin a team of cybersecurity professionals and help Swiss Re to fulfil its mission in making the world more resilient. As a Senior Vulnerability Management Analyst, you will use your expertise in vulnerability management and ability to respond to zero-day vulnerabilities and emerging threats, reducing the attack surface, and cooperating with Incident...
-
Vulnerability Management Bnp Paribas
hace 4 semanas
Madrid, España BNP Paribas A tiempo completoService Overview The service of Production Security provides all necessary resources to ensure the correct and efficient deployment, administration and support of operational security solutions and tools on network, server and endpoint infrastructures for business areas operated by ITG. Vulnerability Management team provides a global service of internal...
-
Security Specialist Vulnerability Management
hace 1 mes
Madrid, Madrid, España BASF SE A tiempo completoABOUT USAt BASF Digital Hub Madrid we develop innovative digital solutions for BASF, create new exciting customer experiences and business growth, and drive efficiencies in processes, helping to strengthen BASF ́s position as the digital leader in the chemical industry. We believe the right path is through creativity, trial and error and great people...
-
Vulnerability Management L2
hace 7 días
Madrid, España Hays A tiempo completoEn **HAYS** estamos colaborando con una de las mayores **redes bancarias internacionales**. Con presencia en 72 países, con más de 190.000 profesionales, el Grupo mantiene posiciones claves en varias actividades bancarias y de servicios financieros, estructurados en torno a tres divisiones operativas principales: **Banca Comercial, Banca Personal y...
-
Cybersecurity Professional for Vulnerability
hace 4 semanas
Madrid, España Siemens A tiempo completoWithin Smart Infrastructure, the Cybersecurity Community is the trusted partner, enabling the business units to achieve their ambition level in a holistic way. Together we make Cybersecurity real - To create environments that care. We are looking for a Cybersecurity Professional for Vulnerability Management. **What role will you play?** - Maintain and...
-
Security Specialist Vulnerability Management
hace 1 mes
Madrid, España BASF SE A tiempo completoABOUT US At BASF Digital Hub Madrid we develop innovative digital solutions for BASF, create new exciting customer experiences and business growth, and drive efficiencies in processes, helping to strengthen BASF´s position as the digital leader in the chemical industry. We believe the right path is through creativity, trial and error and great people...
-
Data Management Engineer
hace 4 semanas
Madrid, España Walters People A tiempo completoDesde Walters People, buscamos perfil de Data Management Engineer para empresa especializada en datos y puntera a nível internacional en el sector, centrada totalmente en proyectos de Data & Analytics. Se busca un perfil con unos criterios claves: - Background de ingeniería informática y/o telecomunicaciones o similares. - Experiência como Data...
-
Industrial Management Engineer
hace 6 días
Madrid, España Merck Kgaa, Darmstadt, Germany A tiempo completoYour role : You will play an important role in improving the organizational effectiveness and efficiency of our working processes. You will apply engineering principles, techniques and tools to optimize processes and streamline workflows. Who you are: Industrial-Organizational Engineer (Industrial Management) or Industrail Engineer with strong knowledge of...
-
Experto En Identity Management Y Servicenow Cmdb
hace 4 semanas
Madrid, España Kaprestechnology A tiempo completoPara un importante cliente del sector seguros en Madrid, buscamos Experto en Identity Management y ServiceNow CMDB, el trabajo es 100% remoto, ofrecemos contrato indefinido con nosotros. Services: Performing study on data synchronization required between Qualys Platform and ServiceNow CMDB; Using the Qualys Guard tool: Dashboarding, reporting, external...
-
Engineering Support Operations
hace 3 semanas
Madrid, España Celonis A tiempo completoThe Team: The Engineering Support Operations team is an enabler of the Engineering department and helps the Engineering organization deliver on its vision of performance, reliability, value and timeliness. We strategically and operationally define the ways to Improve productivity/efficiency of teams, improve the Engineering orgs effectiveness in support...
-
Logistics Engineer Project Management
hace 1 mes
Madrid, España Arvato Services Spain, S.A.U. A tiempo completo**Logistics Engineer & Project Manager** **Mission**: Management and Implementation of client projects. **Functions**: - Design, planning and execution of logistics and value chain projects for clients. - Design solutions for new e-commerce customers relying on new technologies and cutting-edge automation - Ensure compliance with productivity and quality...
-
Engineering Support Operations
hace 4 semanas
Madrid, España Celonis A tiempo completoWe're Celonis, the global leader in Process Mining technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes - and for that, we need you to join us. The Team: The Engineering Support Operations team is an enabler of...
-
Project Risk Management Engineer
hace 4 semanas
Madrid, España Vèringer Ingeniería Avanzada A tiempo completoDescription At Vèringer Engineering, we are committed to innovation projects, the individual professional career development, and creating a more sustainable future. We take pride in working with leading companies to address climate change. To this end, we are looking for multicultural and diverse talents from the Oil&Gas and Industrial sectors to develop...
-
Industrial Management Engineer
hace 4 semanas
Tres Cantos, Madrid provincia, España Merck KGaA A tiempo completoWork Your Magic with us! Ready to explore, break barriers, and discover more? We know you've got big plans '“ so do we! Our colleagues across the globe love innovating with science and technology to enrich people's lives with our solutions in Healthcare, Life Science, and Electronics. Together, we dream big and are passionate about caring for our rich mix...
-
Reporting Engineer
hace 4 semanas
Madrid, España Capgemini A tiempo completoREPORTING ENGINEER - 1. Project follow up and information management with relevant stakeholders. - 2. Coordination with transversal departments to ensure resources available. - 3. Monitoring and control of Action Plans identified. - 4. Design and development of KPI's and data reports. - 5. Monitoring and maintenance of indicators.
