Product Owner – Exposure Scanning (m/f/diverse)

The company

Commerzbank is a leading international commercial bank with branches and offices in almost 50 countries. The world is changing, becoming digital, and so are we. We are leaving the traditional bank behind us and we are choosing to move forward as a digital enterprise.

As part of this strategy, Commerzbank continues the expansion of its Digital Technology Center in Sofia, Bulgaria. We need motivated people who will join us on this journey and we are looking for a Product Owner – Exposure Scanning in our Cyber Defense and Base Services team.

Your tasks:

• Defining and maintaining the Exposure Scanning roadmap, aligning with a broader risk-driven cybersecurity strategy and priorities.
• Managing the product backlog of your owned service. Being responsible for building, editing and maintaining it.
• Leverage industry frameworks and asset criticality to prioritize, drive, and track lifecycle of identified vulnerabilities and exposures from detection to remediation.
• Designing, developing, and maintaining effective scanning strategies to ensure full coverage of the hybrid IT landscape, including on-premises infrastructure, cloud environments, application, external/internet facing assets.
• Guiding and empowering the engineering team to enhance coverage, automation, platform functionality for scanning and reporting.
• Creating and maintaining a reports/dashboard that provide clear visibility into the organization’s security posture.
• Working in an Agile team set up and actively participating in and organizing the weekly meetings of the team.

Your profile:

• Deep understanding and hands-on experience with exposure management platforms that consolidate data from various security modules into a single contextualized view. Deep understanding of the vulnerability management lifecycle. Hands-on experience with enterprise vulnerability management platforms for network, agent-based, and container scanning. Experience with Web application scanning.
• Proven experience with CTEM platforms and attack simulation concepts to identify, visualize, and prioritize critical security gaps.
• Understanding of the cloud architecture. Experience and knowledge of cloud security principles. Understanding of CSPM, CNAPP, “Shift-Left Security” approach will be beneficial.
• Experience in auditing and scanning systems against industry standard security configuration guidelines, such as CIS benchmark.
• Create and maintain detailed product roadmap that outlines prioritized features, enhancements and integrations.

In return, we offer:

• Good work-life balance, including 25 days annual paid leave (increasing with 1 day per year up to 31 in total), flexible working hours, work from abroad and work-from-home opportunities;
• Luxury package of additional health and dental insurance;
• Food vouchers in the amount of 128 BGN monthly;
• 6 additional annual days off for exceptional circumstances;
• Employee assistance program for psychological, financial and legal consultations;
• Multisport card;
• Annual contribution of 300 BGN net per child for a summer camp/school/kindergarten for children up to age of 15;
• Possibilities for building career-advancing skills by covering training/certification courses and conferences based on individual learning and development needs, access to an online learning platform;
• Opportunities for long-term professional development in a stable, 150-year-old company while contributing to the vision of a new, just starting Digital Technology Center;
• Friendly and supportive multicultural environment, open to new opinions and ideas.

Commerzbank is proud to be an equal opportunity employer, committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to gender, race, color, national origin, religion, gender identity or expression, sexual orientation, genetics, disability, age, or any other characteristics.

Challenge accepted? Apply now with your up-to-date CV in English!

Only shortlisted candidates will be invited to interview.