Security Engineer (Vulnerability Management)

We're hiring a Security Engineer (Vulnerability Management)  to join our cybersecurity team. Your main responsibility will be to assess our applications, systems, and networks to identify any deviations from acceptable configurations, or policies. Additionally, you will detect attacks against our applications, networks, and hosts by contributing to the implementation of detective IT systems.

Your goal will be to measure the effectiveness of security measures against both known and unknown vulnerabilities.

Cybersecurity is key in all of our products and internal processes, as such, you will work closely with various stakeholders to ensure the security and integrity of our systems and networks. Your contributions will have a massive impact on the organisation. 

You can be located anywhere in Europe, as our work is 100% online. The position is full-time.

• Analyse organisations cyber defense policies and configurations and evaluate compliance with regulations and organisational directives.
• Conduct and/or support authorised penetration testing on enterprise network assets.
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
• Develop threat model based on customer interviews and requirements.
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.

The ideal candidate for us has experience in the majority of the following areas (we are not expecting everything!)

• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. For example: GDPR.
• Knowledge of cyber threats and vulnerabilities. 
• Knowledge of cybersecurity and privacy principles and organisational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
• Knowledge of programming language structures and logic.
• Knowledge of system administration, network, application, and operating system hardening techniques.
• Experience in conducting vulnerability scans and recognising vulnerabilities in systems.
• Experience in assessing the robustness of security systems and designs.
• Experience in the use of penetration testing tools and techniques.
• Experience to apply cybersecurity and privacy principles to organisational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Experience in testing and evaluating tools for implementation.
• Experience in prioritising work and making risk-based decisions, including remediation recommendations.
• Skill in effectively communicating with technical and non-technical stakeholders, both orally and in writing.
• Skill in working with independence and influencing stakeholders without formal authority.
• Ability to apply techniques or tooling for detecting application, host and network-based intrusions using intrusion detection technologies.

The following are nice-to-haves:

• Ability to detect attacks against applications, networks and hosts and react accordingly.
• Ability to employ information technology (IT) systems and digital storage media to solve, investigate, and/or prosecute cybercrimes and fraud committed against people and property.
• Experience with Ethereum and the crypto markets (either professionally or as a hobby