This is a highly visible role! You will protect our infrastructure by analyzing, remediating, and monitoring breaches, issues, incidents, and vulnerabilities. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization. 

Main responsibilities for this Role 

• Vulnerability Management & SecOps Engineer will be responsible for following (but not limited to) responsibilities in day-to-day work: 
• Keep and improve the Vulnerability Management Program of the company. 
• A focal point of contact for Vulnerability scanning schedule, configuration in a tool, and execution as per the schedule. Any failure of scans is to be investigated and scheduled to be re-run. 
• Administration of Qualys Vulnerability Management, Detection & Response (VMDR) and using its various features to enable and support the Vulnerability Management Program. 
• Usage of ManageEngine EndPoint Central, New Relic, and any other tools available in the company in order to take advantage of their features to improve the Vulnerability Management Program and Metrics. 
• Conducts periodical discovery of IT Assets, ensures that identified assets are appropriately tagged, and includes the new assets in the Vulnerability Management tool. 
• Assess the identified vulnerabilities and study & understand the risk profile and impact. 
• Identify any false positives reported and the technical limitations of the vulnerability in the environment and be able to declare and manage it within the Qualys tool. 
• Keep and improve existing scripts to process vulnerability results (i.e. to automatically import them into Jira while matching existing data in Axonius ). 
• Facilitate the process of Risk Acceptance, wherever needed. The candidate will be responsible to coordinating with various stakeholders for proposing, seeking and maintaining the approvals for such cases. 
• Perform Penetration Tests following OWASP and using tools such as Burp Suite or ZAP. 
• Develop and manage a bug bounty program (i.e. write the security researcher conditions, review received vulnerabilities, etc.). 
• Manage vulnerabilities reported by corporate antivirus (i.e. Crowdstrike). 
• Collaborate with Infrastructure teams (Windows, Linux, Networks, etc.) for the remediation/mitigation of the identified vulnerabilities. 
• Maintain the Vulnerability Dashboard for the scope and submits reports to both technical teams and Management.
• Keep and improve the existing server hardening guides, to avoid recurring vulnerabilities. 
• Organize work to achieve compliance with established KPIs for Vulnerability Management and proactively work towards achieving the same. 
• Maintain periodical reporting on the progress. Escalate -discuss and consult- as required to next levels and Management in a timely manner. 
• Participate in meetings with various stakeholders as per the schedules. 
• Liaise with different teams in different geographical zones. 
• Propose, plan, and execute vulnerability service/security service improvement initiatives. Adhere to different policies set out by the organization. Follow and improve existing procedures. 
• Keep your work organized based on tickets (Jira). Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary. 
• Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities. 
• Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability. 
• Help the organization understand advanced cyber threats. 
• Possibility to perform on-call after working hours and weekends. 

Knowledge and skills you need to have
 

• Five years of a university degree or four-year college diploma is required, preferably in computer science, telecommunications, or other related academic fields. Or equivalent work experience. 
• English & Spanish: Full professional proficiency 
• Must have working experience administering and operating Qualys VMDR for a large enterprise. 
• Working and hands-on experience in running a Vulnerability Management process. 
• Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in operating systems (Windows and Linux), networks, databases, and application servers. 
• Good understanding of Reporting needs at various levels of organization and ability to design, create, and present the same. 

Competencies: 
Reading comprehension: You must be able to read and understand the existing procedures, and the tasks assigned on tickets. This is crucial for you to work under minimal supervision and excel. If you are a technical guru but don't understand the assigned tasks in writing, or don't clarify doubts, this is not your job. 
Organization: This position is 50% recurring tasks (i.e. reviewing weekly vulnerability scans), 30% research tasks (i.e. identifying why a vulnerability scan isn't working as expected and solving it together with other teams), 10% chasing other teams (i.e. ensuring that a vulnerability is remedied), and 10% procedures (i.e. improving existing procedures). 
Priorization: You must attend the priorities on the assigned tasks and assign the right priority to the discovered vulnerabilities. 

Bonus points for the following 
Additional requirements, not essential but "nice to have". 

• Any Penetration Testing certification (i.e. CEH, OSCP, GPEN, Pentest+). 
• Any Vulnerability Management certification. 
• Any Qualys certification. Knowledge on CDN and WAF usage and configuration (i.e. Cloudflare, Imperva). 
• Experience in working with Splunk as a SIEM.

We will give you the opportunity to be the best version of yourself, develop professionally and create strong working relationships working remote or on site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do.
We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home....
  

• Competitive remuneration package
• FLEXIBLE WORKING CULTURE: 100% teleworking
• Flexible working schedule
• Intensive summer working hours
• Medical Insurance 
• Dental Insurance
• Flexible Compensation (tiquet Restaurant, kindergarten, transport)
• Referral Scheme per referral hired 
• Career plan designed by and for you
• Very good atmosphere among colleagues

 
If this sounds like the place for you, don’t hesitate to contact us!