Kikimora.io

Vulnerability Management Analyst

The job listing is published in the following categories

  • Anywhere

    Tech Stack / Requirements

    SoCyber is a cybersecurity company on a mission to solve complex cybersecurity problems, and help organizations across all industries and sizes fortify their cybersecurity defenses. We provide a wide range of security, compliance and vulnerability management solutions.

    Our passionate team of experts is working on projects covering the full spectrum of digital and physical infrastructure. SoCyber is partnered with leading organizations worldwide, offering you the chance to learn from seasoned professionals and make a real difference in the fight against cyber threats.

    We are a tight and supportive team, dedicated to learning and growing together. If you are looking to progress your career by solving complex problems in a competitive environment, apply today!

    We are seeking a Threat and Vulnerability Management Analyst/Consultant to expand our company’s vulnerability management team. This role involves configuring various network-based, container, and web application scans, identifying vulnerabilities, and ensuring they are assigned to the appropriate business owners. You will be responsible for increasing asset coverage with vulnerability scanning agents and participating in container sensor deployments. Additionally, you will provide security advisory services to business stakeholders and validate the implementation of effective remediation or mitigation measures. Proactivity and attention to detail are essential, including the ability to define new KPIs to continually improve our vulnerability management program.

    We offer a flexible hybrid work model, adaptable to current project requirements.

    Responsibilities

    ● Perform vulnerability assessments and policy compliance scanning across company assets, including desktops/laptops, servers, network devices, and web applications.

    ● Review security baselines for various systems; create and update policies and controls for compliance scanning.

    ● Analyze vulnerability and compliance reports and diligently track remediation activities.

    ● Evaluate, analyze, and derive actionable threat intelligence from diverse sources (open-source, commercial, private) to deliver high-quality reports tailored for both technical and executive audiences.

    ● Conduct vulnerability assessments within containerized environments (specifically Azure Kubernetes Service – AKS).

    ● Analyze security concepts developed by the threat and vulnerability management team to identify vulnerabilities across all software layers, pinpoint unsupported/obsolete technologies, and detect security gaps or weaknesses in existing measures.

    ● Consult with business teams on remediation strategies for identified security flaws and vulnerabilities, providing the necessary technical guidance for remediation.

    ● Liaise with external parties and service providers involved in the vulnerability remediation process; oversee timelines and validate the quality of implemented solutions.

    ● Consult on and coordinate the creation of various vulnerability management KPI reports using Power BI.

    Required Skills and Experience

    ● Experience with Azure IaaS and Azure AKS, including securing container orchestration platforms.

    ● Proficiency with Qualys scanning tools for web application scanning, vulnerability management, and policy compliance.

    ● Ability to deliver both high-level and technical briefings on emerging threats and vulnerabilities, collaborating effectively with extended cyber teams for risk assessment.

    ● Experience with Microsoft Server Environments and Active Directory.

    ● Experience with Microsoft 365 & Azure, particularly in monitoring and security aspects.

    ● Knowledge of cyber and cloud security standards & frameworks (e.g., NIST, ISO 27001) and their application to architecture, design, operations, controls, technology, and solutions.

    ● Solid understanding of IT systems, processes, network infrastructure, data architecture, and protocols.

    ● Outstanding verbal communication skills in English, with the ability to explain technical concepts clearly to non-technical and executive audiences.

    ● Excellent English writing skills for creating technical documentation and process improvements (e.g., policies, reports).

    ● Ability to explain complex topics effectively to diverse audiences.

    ● Strong attention to detail and a commitment to delivering high-quality work.

    ● A relevant and recognized professional Security, Risk, or Compliance certification (e.g., CISSP, PCI ISA, ISO 27001 ISMS Lead Implementer, CRISC).

    ● Ability to collaborate effectively with international teams in slightly different time zones (1-3 hours).

    Nice to Have (Preferred Qualifications)

    ● Experience with API integrations.

    ● Experience conducting source code reviews (familiarity with specific programming languages is beneficial).

    ● Demonstrated initiative through involvement in research projects, security tool development, or training delivery.

    What We Offer

    ● 25 Days off

    ● Additional health and dental insurance

    ● Hybrid working

    ● Friendly and relaxed environment

    ● Competitive remuneration

    ● Career development in a progressive and innovative environment