Vulnerability Management Analyst – HYBRID

Job Overview

Job Description

Division

As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the company’s business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our CISO division in charge of putting in place the required controls to adequately and effectively protect our information assets.

You will join the Offensive Security Center that manages and coordinates:

Penetration testingRed team ExercisesPurple team ExercisesStatic and Dynamic Code AnalysisVulnerability Management

The Main Responsibilities

Support Vulnerability prioritisation with analysis and assessment of vulnerability and configuration compliance data; identify high risk vulnerabilities or false positivesActively contribute to the configuration of the detection tool, to the permanent quality assessment of this configuration and of linked processes; in this context, you proactively identify potential gaps and propose remediations when neededCreate / maintain necessary documentation and procedures.Assist in findings clarifications for trends in vulnerability scan results, and for (active) threats requiring investigation.Monitor vulnerabilities identified by internal and external scanning and other vulnerability detection tools.Collaborate and exchange relevant information with relevant teams like Threat Intel team, Pentest team, Application Security team or Customer Risk team.Collaborate with Patch Orchestration Team to get insights and assurance on high-risk remediation.Assist in high-risk vulnerability assessments (in collaboration with the Threat Intelligence team and Risk Management)Collaborate with the Security Exception Review Board to provide expertise on vulnerability exception requests made by Product Owners and manage exceptionsProvide on demand information to stakeholders

In this role you will come in contact with the end-to-end process from vulnerability detection to remediation. Within the team, your focus will be on

participating to the configuration of the tools, mainly (but not only) for compliance checks (automation of some TSB – CIS baselines); make sure that operational activities related to those checks are properly documented and executed performing vulnerability and threat assessments mainly in collaboration with the Cyber Threat Management team as well as the Pentest team acting as an expert, sharing your knowledge with the team and delivering expert advice to the Security Exception Review Board. You will work in a team of motivated vulnerability intelligence analysts who will support you as needed.

The ideal candidate also has good logical reasoning skills. He has experience in any of the following domains: vulnerability management, penetration testing, SAST, DAST threat intelligence or has a strong interest with a relevant background and holds relevant certifications or is willing to obtain certifications.

Technical Skills

Good understanding of security practices and risk managementBasic understanding of Network security, Unix/Linux and Windows Operating Systems and general security practices (proven experience in these domains is a plus)Hands on experience with Rapid7 InsightVM is a plusPython scripting / Ansible are a plusExperience in auditing is a plusCISSP, GIAC, CEH, COMPTIA or other relevant security certification is a plus

Soft Skills

Customer friendliness is important as you will have interactions with various stakeholders on different levels.Pro-activeness, monitor quality of what we deliver and identify improvements where needed, ensure qualitative documentation, be transparent on difficulties you encounter, keep track of your tasks and report pro-actively on status…Analytical; Be able to analyze complex data – identify priority solutions to implement and vulnerabilities to remediate. Gain understanding of threat levels.Team-player; in this role you will closely work together with the other members of your team. As such an open, respectful and constructive communication is required and willingness to work towards the common team goals as first priority.Be a good communicator in English, both verbal and writtenBe able to work independently, responsibly and professionally with highly confidential information.

About Us

Why join us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer

Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries. Practice your talents in a highly professional international environment. Join a learning and development environment with an emphasis on knowledge sharing and training.Competitive salary and comprehensive benefits.

New ways of working

Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.

Great Place to Work for All

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, …). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.

About The Team

As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the companys’ business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to adequately and effectively protect our information assets.