Cyber Security Expert

Descrição do trabalho

• Decskill, founded in 2014 as an IT Consulting Company, places paramount importance on its greatest asset: its people. Our main mission is to deliver value through knowledge and talent, and we achieve this by fostering a culture of excellence and investing in the development and well-being of our people. With over 600 dedicated professionals and offices in Lisbon, Porto, Madrid, and Luxembourg, Decskill operates across three core areas:
• DECSKILL TALENT : We believe that our people are key to our success. Through Decskill Talent, we empower our team to embrace the digital transformation challenges of our clients. We collaborate with clients to drive innovation, ensuring project success and business growth.
• DECSKILL BOOST : Equipping our team with the latest tools and methodologies, we optimize Time-to-Market and deliver innovative solutions exceeding client expectations.
• DECSKILL CONNECT : Our team collaborates closely with clients to implement and manage IT infrastructures that generate long-term value.

At Decskill, we believe that by nurturing and empowering our people to confront the challenges of digital transformation, we create value not only for our clients but also for our entire ecosystem, fostering a digital community dedicated to growth and progress.

We are looking for an Cyber Security Expert !

• Responsibilities :
• Vulnerability Identification
• Supervising the execution of regular scans (using tools like Qualys, Bitsight...) to detect vulnerabilities in software, hardware, and configurations.
• Monitoring threat intelligence feeds and security advisories (e.g., CVE databases) for emerging vulnerabilities
• Risk Assessment & Prioritization
• Evaluating vulnerabilities based on severity (e.g., scores), exploitability, and potential impact
• Ensure that prioritization is followed and understanding the impacts when it is not.
• Remediation Coordination:
• Collaborating with IT, development, and security teams (Pentest, Application Security, Regional teams) to follow up on ticket stock to patch or mitigate vulnerabilities.
• Ensuring timely application of security updates and workarounds.
• Follow up and tracking of findings/Reporting tools:
• Ensure accurate and up-to-date data on relevant ticketing and reporting tools (e.g., Jira):
• Active follow up, review of findings through relevant tools in timely manner and engage stakeholders in remediation process This includes triggering necessary escalations when needed to keep the stakeholders and management aware.
• Application Security analyst must be mindful of the remediation timescales defined by AppSec and relevant policies/procedures therefore expected to act/react in timely fashion ensuring remediation KPI/KRI/SLA.
• Take part in periodic/on demand conversations, emergency situations where necessary to act swiftly sharing the expertise and supporting in the vulnerability and noncompliance management process
• Reporting & Compliance
• Generating reports and KPI’s for stakeholders (e.g., executives, auditors) on vulnerability status and progress of remediation.
• Ensuring compliance with standards (e.g., ISO 27001, NIST, …).
• Continuous Improvement
• Refining vulnerability management processes based on lessons learned and evolving threats.
• Awareness to IT teams on secure coding practices and vulnerability awareness.
• Work on automation scripts to support BAU activity, using Powershell, Python.

• Requirements :
• Field of Expertise: Proven experience in application security. At least 5 years of experience, 3 years of which should be in Vulnerability Management.
• Certifications: Examples: CC, CISSP, CEH, Security+.
• Tools & Methodologies: DevSecOps.
• Application Security Testing tool (e.g. Qualys, AppSpider, Bitsight).
• Vulnerability Management Tools (e.g.: NexusIQ, Fortify, SonarQube).
• OWASP.
• SSDLC (Secure Software Development Life Cycle).
• Power BI knowledge.
• Ticketing Systems (JIRA, ServiceNow).
• Academic Background: Master’s degree in computer science, cybersecurity, or related fields.
• Experience: At least 5 years of practical experience in Vulnerability Management (CVE, CTI,…) and at least in 2 of the following areas:
• Vuln & pen test report reader.
• Software development, review and testing.
• Penetration testing.
• Risk assessment.
• Application/Security Architecture.
• Vulnerability Management Tools (e.g.: NexusIQ, Fortify, SonarQube).
• OWASP.
• Application Security Testing tool (e.g. Qualys, AppSpider, Bitsight).
• Technology stack (web-app, infra, API, thick client, client-server).
• Ticketing Systems (JIRA, ServiceNow).
• Strong interpersonal and communication (spok