Vulnerability Management Analyst

About the role

• Our Security & Risk Management team is integrated in the Digital Technology (DT) department.

• As a Vulnerability Analyst, your main goal will be to find and help fix security weaknesses in our systems. This includes everything from software and operating system flaws to mistakes in how our platforms are set up, even in the cloud.

• You will be accountable for:

  • Vulnerability Detection & Assessment: Proactively identify and evaluate security weaknesses. This involves:

    • Leveraging industry-leading vulnerability management platforms (e.g., Qualys, Microsoft Defender) for scanning and analysis.

    • Staying abreast of the threat landscape through subscriptions to security bulletins from authoritative sources (e.g., CISA) and vendor advisories.

  • Risk Prioritization: Accurately prioritize identified vulnerabilities based on their potential impact and exploitability. This requires a strong understanding of CVSS (Common Vulnerability Scoring System) scores and exploit intelligence.

  • Remediation Support & Coordination: Facilitate the efficient mitigation of vulnerabilities:

    • Escalate as necessary for emergency mitigation scenarios.

    • Evaluate the effectiveness of implemented remediation controls and adjust prioritization accordingly.

    • Provide timely and clear information to relevant teams (e.g., system owners, IT operations) about identified vulnerabilities, their severity, and potential impact.

    • Offer guidance and support to system owners on effective remediation strategies, pointing them to resources and best practices. You'll also assist in assessing the effectiveness of mitigation measures and adjusting prioritization as needed.

  • Continuous Monitoring & Reporting: Ensure end-to-end oversight and clear communication of vulnerability management efficacy:

    • Monitor the execution of the vulnerability management lifecycle, tracking progress and compliance.

    • Measure the compliance ratio of systems against the established prioritization matrix.

    • Generate weekly operational reports, providing clear insights into monitored aspects, visibility gaps, and leveraging automation where feasible.

  • Stakeholder Guidance: Provide actionable guidance to system owners on effective remediation strategies.

• We offer a permanent contract based on hybrid working mode.

About you:

• Relevant education degree or equivalent in Cybersecurity, Computer Science, Information Technology, or a comparable field.

• Relevant work experience in Vulnerability Management or Cybersecurity Analysis.

• Competencies:

  • Deep understanding of vulnerability classes: Proficient in identifying and analyzing software bugs, OS flaws, and critical misconfigurations across diverse environments, including on-premises infrastructure and hyperscale cloud platforms (AWS, Azure, GCP).

  • Proficiency with VM tooling: Hands-on experience with enterprise-grade vulnerability scanners and security posture management platforms (e.g., Qualys, Tanium, Crowdstrike, Windows Defender).

  • Threat & Risk Assessment: Demonstrated ability to assess technical risk, interpret CVSS scores, leverage threat intelligence, and understand exploit methodologies to prioritize vulnerabilities effectively.

  • Operating Systems & Network Protocols: Strong grasp of Windows and Linux, as well as TCP/IP, common network services, and security controls (e.g., firewalls, IDS/IPS).

  • Security Frameworks: Familiarity with common cybersecurity frameworks (e.g., NIST, ISO 27001) is a plus.

  • Scripting/Automation: Practical scripting skills (e.g., Python, PowerShell) for automation, data analysis, and reporting are highly advantageous.

  • Reporting & Analytics: Experience in developing clear, concise, and actionable reports for technical and executive audiences, potentially leveraging SIEM or dedicated reporting tools.

• Behaviors:

  • Strong attention to detail to ensure thorough identification and analysis of vulnerabilities.

  • Ownership and pride in maintaining the organization’s security integrity.

  • Ability to articulate complex technical issues and risks clearly and concisely, both verbally and in written form, to diverse stakeholders, from technical teams to senior leadership.

  • Proactive in identifying and addressing security weaknesses to prevent potential breaches.

  • Collaborative mindset to work effectively with IT, security, and application teams.

About the pay and benefits

• Attractive and equitable pay for all: compensation is determined within a range to foster your development in the role. While the primary country (Portugal) base pay reasonably expected for this role is 35 600 euros to 53 400 euros, your salary may ultimately be higher or lower based on your skills and experience. Additionally, we provide a competitive total rewards package that includes a bonus and/or other incentives.
• Solvay Cares program: minimum of 16 weeks of parenting leave for all employees and package with healthcare, disability and life insurance coverage.
• Prioritization of well-being: work-life balance promotion, flexible approach to work part-time or hybrid work arrangements (depending on the type of job), employee assistance program with access to physical and psychological support.
• Professional development: prioritization of internal talents for career progression, access to a training platform, opportunities to join Employee Resource Groups (ERG) for experience sharing and mentorship and free language courses.

#LI-Hybrid #middle