View all jobs
Consultant Vulnerability Management - May 2025
remote, remoteFor one of our clients we are looking for an Consultant Vulnerability Management
Project description:
Tasks:
Must-have:
Nice to have:
Capacity: fulltime
Start: ASAP
Location: remote
Duration: till 30.09.2025, extensions possible
Project description:
- The Vulnerability Management Service Optimization project is covering the elimination of the detected software vulnerabilities in the client business systems and external resources. This includes remediation of the vulnerabilities in business applications (on-prem and cloud-based), operating systems (e.g. Windows, Linux), auxiliary software, network devices, web resources and other devices identified by network scanning. The aim of the project is to reduce the overall attack surface (internal and external) thus improving security posture and minimizing risks of an IT landscape penetration and compromising.
Tasks:
- Analysis of security concepts provided by the threat and vulnerability management team in order to identify vulnerabilities in all software layers, outdated, obsolete and not supported technologies, security gaps and insufficiencies of the existing security measures. Assessment, prioritization and presentation of the results to client Cyber Defense Center (CDC) accordingly, including provision of professional consulting about how to provide a sufficient security level of the vulnerable resources corresponding to the existing security standards and best practices along with corresponding measures.
- Provision of professional consultation to the business teams involved in the remediation regarding the ways of remediation of the detected security flaws and vulnerabilities, providing root causes and technical information required for vulnerabilities remediation; provision of the above mentioned professional consultation by email, in virtual meetings via MS teams or by phone based on own professional experience. Presentation of the project progress to the client made visible by the amount of detected vulnerabilities processed from the queue.
- Provision of professional consultancy to external parties and service providers involved in the vulnerabilities remediation process (consultation regarding vulnerabilities) with the aim of controlling and validation of the timelines and the quality of the offered and implemented remediation. The quality standards are defined by the industry standards – ENISA, NIST or ISO 27001. Additional confirmation of the remediation is done by cybersecurity scanners and tools provided by the Cyber Defense Center in advance.
- Provision of professional expert consultation to teams on how to avoid potential security flaws / vulnerabilities on the supported resources by means of the system hardening and a proper service configuration. The guidance is based on industry best practices (defined in international standards) and Information Security Vulnerability Management Procedure provided by the client in advance.
- Steering the escalation activities related to the vulnerability management by using best practices principles according to industry, testing, understanding of frameworks provided by NIST, ISO27001, ENISA. Provision of technical consultation to the CDC team to adequately cope with security risks connected with the detected flaws and vulnerabilities and their mitigation. The process of escalations are handled fully by the CDC team.
- Documentation of all vulnerability remediation tasks taken in the project, their initial and current states, working time spent as well as planned / scheduled actions (in Word, Excel, OneNote).
Must-have:
- At least five years of professional experience in IT security at larger companies.
Nice to have:
- Knowledge of ServiceNow and Infoblox.
Capacity: fulltime
Start: ASAP
Location: remote
Duration: till 30.09.2025, extensions possible