工作描述
We are seeking a consultant to work with projects and project teams within the offensive security area, providing technical support, resolving incidents, and driving continuous improvement initiatives. The role also includes team leadership, client interaction, and contribution to advanced Red/Purple Team activities.
Responsibilities
Managed Security Service Vulnerability Management: manage vulnerabilities on a day-to-day basis from identification to priorization and assignment.
Continuous vulnerability identification and prioritization: Operate and tune scanning platforms, correlate threat intelligence, and apply risk-based scoring to surface exploitable weaknesses aligned to business impact.
Remediation coordination and governance: Drive patching and mitigation workflows across infrastructure and application owners, enforce SLAs, and track closure through ticketing, reporting, and audit-ready evidence.
Provide technical support to client, delivery teams and pre-sales activities.
Program reporting and optimization: Deliver executive-level metrics, trend analysis, and compliance mapping (e.g., ISO 27001, NIST, CIS), while refining tooling, processes, and coverage to improve overall security posture.
Proposal of improvement initiatives within the area (training, new audit/business lines, etc.).
Resolution of problems and incidents.
Lead interviews and review internal working procedures.
职位要求
Qualifications
Bachelor’s or master's degree in computer science, Information Security, or related field.
Proven experience in Security Service Vulnerability Management, including planning, execution tracking, report review, validation, and client presentation.
Solid experience in pentesting of web environments, APIs, systems, networks, and mobile applications.
Advanced knowledge of networks.
Excellent leadership, communication, and stakeholder management skills.
Advanced knowledge of Infrastructure Hacking: WiFi, internal network attacks (Active Directory).
Advanced scripting skills in multiple languages and the ability to modify scripts in less common languages.
English level B2, spoken and written.
Experience handling confidential information.
Proficiency in office productivity tools.
Excellent leadership, communication, and stakeholder management skills.
Demonstrated strong teamwork, collaboration and communication skills in professional environments with the ability to quickly learn and adapt to new technologies and processes.
Qualifications
Certifications such as:
OSCP, OSWP, OSEP, eMAPT, WAPTX, OSWE, CRTO, CRTP
Management certifications as:
CISSP, CISM
Knowledge of frameworks and regulations such as TIBER, DORA, ENS.
Experience in defining and planning TIBER and TLPT exercises.
Additional Information
Flexibility for occasionally travels within Europe for key project deliveries and client meetings.
