Vulnerability Analyst

Mendix is a low-code app development platform:
First, what is low-code? Low-code is a visual approach to software development that enables you to abstract and automate every step of the application lifecycle. Gartner predicts that “by 2024, low-code application development will be responsible for more than 65% of application development activity.” Mendix is repeatedly ranked a Leader in analyst reports from Gartner and Forrester. In the 2021 Gartner® Magic Quadrant for Multiexperience Development Platforms, Mendix placed at the very top of the Leaders quadrant.  Mendix, the global leader in enterprise low-code, was created to promote collaboration between Business & IT teams. Thousands of forward-thinking companies around the world like Ford Auto, Rabobank Netherlands, Zurich Insurance, and Red Bull, can unleash their best ideas faster with the help of the Mendix Platform.   Mendix is a Siemens Business: Siemens is a Top 10 Global Software Company and a leader on Fast Company’s Most Innovative Companies in the World! With the acquisition of Mendix in 2018, Siemens Digital Industries Software is driving transformation to enhance the digital enterprise where engineering, manufacturing and electronics meet the future of innovation. Mendix employees have the opportunity to work in a hyper-growth environment with the support of Siemens’ unbeatable market position and resources. 
Mendix is recruiting for a Vulnerability Analyst to join the Product Security team at our Rotterdam, Netherlands office.The successful candidate will be responsible for:
Analysis, assessment, evaluation and documentation of incoming issues/security reports from various resources like HackerOne, our penetration testers, customer tickets and internal toolsManage and monitor tools related to the cloud technologies that play a vital role in protecting the organization’s and customers’ dataVerify security fixes and solutions implemented by teams in response to found issues and vulnerabilitiesDevelop awareness on secure software delivery from a hacker’s perspective within our product development teams and improve maturity of the overall security posture in MendixThrive for continuous improvements to processes and automate wherever it makes sense 

Role Requirements:

• Ideally a Bachelor’s degree in Computer Science or comparable experience and knowledge
• High level of initiative and self-direction
• Sound knowledge, skills and confidence in using scripting language(e.g. python) and web-based testing frameworks
• Solid analytical skills, ability to reproduce and pinpoint issues and validate fix implementations in various stacks and technologies
• Solid understanding of vulnerability calculation methods like CVSS
• Excellent communicator in English, both written and spoken while being able to convey information effectively at multiple levels of sensitivity and for various audiences
• Teamwork ability and willingness to help and assist colleagues

An independent and active security certification is a plus but not required, for example: 

• Certified Security Analyst (ECSA)
• Licensed Penetration Tester(LPT)
• Offensive Security Certified Professional(OSCP)
• Offensive Security Certified Web Expert(OSWE)
• GIAC Penetration Tester(GPEN)

Working for Mendix and with our Customers means your reliability has to be beyond any doubt, and therefore every employment is subject to a onboarding screening and the condition precedent a Certificate of Conduct is provided that demonstrates you did not commit any offences that are relevant to the performance of your function.

#LI-PN1