Senior Vulnerability Assessment and Mitigation Consultant

Company Description

Devoteam Cyber Trust is the Cybersecurity specialist arm of the Devoteam Group. With our 800+ experts located across EMEA, we aim to establish cybersecurity as an enabler of business success rather than a gatekeeper. We leverage an end-to-end approach to Cyber Resilience, Applied Security, and Managed Security services to secure the tech journey of large and medium-sized companies from all sectors and industries.

Since 2009, previously known as INTEGRITY, our team based in Portugal is specialised in providing cutting-edge Managed Security Services that combine its expertise and proprietary technology to consistently and effectively reduce the cyber risk of our clients.

The comprehensive service range includes Persistent Intrusion Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management. ISO 27001 (Information Security) and ISO 9001 (Quality) certified, PCI-QSA, and member of CREST and CIS - Centre for Internet Security, we provide services to a considerable number of clients, operating in more than 20 countries.

Job Description

We are seeking an experienced Vulnerability Assessment and Mitigation Consultant to join our Cybersecurity Engineering Professional Services team.
The Vulnerability Assessment and Mitigation Consultant will focus on the organisation and management of vulnerability assessments and their life cycles, ensuring comprehensive
identification of cybersecurity weaknesses within multiple clients’ IT infrastructure.

The candidate will have the following duties/responsibilities:

• Manage vulnerability assessments across multiple clients’ IT infrastructure.
• Coordinate several vulnerability assessment processes, ensuring thorough identification of cybersecurity weaknesses in clients' organizations.
• Manage and analyze vulnerability assessment results to determine severities, and potential impacts, and prioritize vulnerabilities for effective mitigation.
• Work closely with multiple clients’ internal teams to develop and implement mitigation strategies.
• Maintain clear communication and provide continuous updates on vulnerability status and mitigation efforts.
• Provide critical insights to inform decision-making and enhance multiple clients’ cybersecurity posture.
• Stay up-to-date with the latest cybersecurity trends and technologies.

Qualifications

The candidate should have:

• Bachelor’s degree in Computer Science, Information Technology, or a related field;
• Proven experience as a Vulnerability Management Consultant or similar role;
• Experience with industry compliance, regulations, standards, and frameworks related to cybersecurity, such as ISO 27001, NIST, COBIT, or similar.
• Experience in risk management, from identification and evaluation of risks, to developing effective risk mitigation plans, implementing mitigation strategies, and performing ongoing risk monitoring;
• In-depth knowledge and experience with OWASP Top Ten vulnerabilities and their respective remediation techniques;
• Proficiency in IT infrastructures including on-premises systems, major cloud platforms (e.g. AWS, Azure, GCP), and virtualization platforms (e.g. VMware ESXi, Hyper-V, KVM, Docker, Kubernetes);
• Experience with networking technologies (e.g. Cisco, Juniper, F5), server environments (e.g. Windows, Linux, Unix), and desktop systems (e.g. Windows, Linux, macOS);
• Experience with vulnerability assessment frameworks and tools, such as OpenVAS, Nessus, Qualys, or similar;
• Proficiency in coding languages such as Java, .NET or Python, for IAM automation and integration tasks.
• Great organizational, analytical, and problem-solving skills;
• Strong sense of ethics, integrity, and responsibility;
• Great communication and teamwork skills;
• Fluency in Portuguese and high proficiency in English.

Nice to have:

• Relevant certifications such as CISSP, CISM, CEH, OSCP or similar are highly valued;
• Experience with specific vulnerability analysis frameworks and tools such as Burp Suite, Metasploit, or similar are highly valued;
• Participation in cybersecurity and vulnerability-related communities, forums, or professional networks.

Additional Information

What we offer:

• Professional development and monitoring talent;
• Commitment to our employees' development;
• Collaboration in a company that is constantly growing and evolving;
• Strong organisational culture: collaboration, sharing, flexibility, integrity and low ego.

Would you like to join our team? Then send your CV.