Security Analyst (f/m/d)

Your new role

As a Security Analyst (f/m/d) – Focus on Vulnerability Management, you will be a central part of our IT security team. Your main responsibilities will include analyzing, validating, and tracking vulnerability findings identified by automated security scanners, external assessments, or penetration tests.

You will work daily with tools like Defect Dojo, support business units in the technical assessment and remediation of findings, and ensure continuous improvement of data quality and efficiency in vulnerability handling. You will also integrate relevant systems (e.g., CMDBs, ticketing platforms, or asset data sources) to gain contextual information for better prioritization.

In addition, you will configure your own vulnerability scans, automate processes through scripting, and contribute your technical expertise to actively enhance the security of our systems.

The work you‘ll do

• Operation and further development of our Vulnerability Management using tools like Defect Dojo
• Analysis, prioritization, and validation of findings from vulnerability scans, penetration tests, or external reports
• Supporting business units in the technical classification, traceability, and remediation of vulnerabilities
• Reducing false positives and improving data quality through technical contextualization
• Tracking and reporting of vulnerability remediation, including deadlines, actions, and associated risks
• Integration of external systems (e.g., CMDB, asset management, ticketing systems) to enrich and enhance the accuracy of findings
• Configuration and setup of security scanners (e.g., Nessus, OpenVAS) and integration into existing workflows
• Automation of processes using Python or Shell to increase efficiency
• Collaboration with Incident Response, Threat Intelligence, or other security teams when needed

The qualifications you need

• A degree in IT security, computer science, or a comparable qualification
• Experience in Vulnerability Management and working with tools such as Defect Dojo, TheHive, Cortex, and MISP for vulnerability, incident, or threat intelligence management
• Technical understanding of IT architectures, vulnerabilities, and their impact
• Familiarity with CVSS, CVE, OWASP Top 10, SANS Top 25
• Proficiency in scripting languages such as Python or Shell, e.g., for automating security processes, data analysis, or API integration
• Experience with vulnerability scanners like Nessus, OpenVAS, or similar tools, including setup, operation, and integration into existing workflows
• Ability to connect external systems such as CMDBs, ticketing systems, or asset data sources to improve the accuracy, prioritization, and traceability of findings
• Ability to communicate complex technical topics in a target group-oriented manner
• Independent and structured working style with strong team skills
• Certifications such as CompTIA Security+, CEH, or GIAC are a plus, but not required
• Excellent German and English skills, both written and spoken

What we can offer you

• An unlimited fixed-term contract
• Flexible working hours and the option to work hybrid (2 days/week in the office)
• Cozy and large workplaces with modern equipment and cordial colleagues in Lisbon (Barata Salgueiro 37) – super central
• Funding of educational trainings and Rosetta Stone language courses
• Additional vacation days (25 instead of 22)
• One of the best health Insurance with great coverage (including family members — free of charge (after probation period)
• Meal allowance card and Pizza discounts
• Subsidy of Urban Sports Membership
• Public transportation subsidy
• Laptop of your choice (Apple, Windows or Linux)
• Regular team and company events
• Fruits and beverages in Office