Vulnerability Management Analyst

Within this Proximus’ first Belgian center of excellence combining artificial intelligence and cybersecurity, the mission of the Security Management and Incident Response divisions is to protect Proximus, its customers, its business, its operations, and its reputation against any threats, external and internal. You will be fascinated by a highly dynamic environment, a strong collaboration, and very deep technical aspects.

Role description

The Cyber Security Incident Response Team of Proximus Ada is a centralized security service, responsible for managing cyber security incidents within the Proximus Group. The team is responsible for delivering all relevant services to mitigate an incident as quickly and efficient as possible and to keep (higher) management updated on the progress.

As a Vulnerability Management Analyst in CSIRT you are responsible to assess the current state of the corporate systems security by identifying vulnerabilities and supervising remediation initiatives.

The ideal candidate must have keen analytical skills, curiosity, agility, and adaptability.  The ability to work quickly, willingness to work on ad-hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player.

(S)he will have a good general understanding of vulnerability management processes, and will demonstrate a real interest for the domain.

Responsibilities:

• You contribute to the targets prioritization, aiming at progressive coverage completeness.
• You schedule vulnerabilities detection, maintaining functional aspects of the Proximus Group corporate vulnerabilities detection capabilities (Rapid 7).
• You research and maintain proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
• You make sure that periodical reporting is ensured at operational, tactical and strategic levels.
• You provide support to Incident Response team in case of security incidents.
• You contribute to projects validation through ad-hoc and targeted vulnerabilities assessments.
• Together with the Security Officers, you assess and prioritize the detected vulnerabilities; triggers emergency fixing procedures when necessary.
• You ensure proper documentation (remediation/mitigation activities, exceptions requests, etc.) and manage grace periods expiration.
• You ensure that agreed remediation/mitigation actions are implemented.
• You will report to the Enterprise Vulnerability Manager, within the CSIRT team.

Profile:

• Bachelor’s degree in Computer science/ Information security or equivalent combination of education and experience.
• Firmly understand the different categories of vulnerabilities and their potential consequences, depending on the context, and will be able to identify, assess and prioritize vulnerabilities remediation.
• Knowledge of Windows and Unix/Linux operating system configuration.
• Firmly understand network and system architectures.
• Be able to develop Python and Ruby scripts.
• The following qualifications will be considered an asset:
• Solid knowledge of the Proximus organization and teams responsibilities.
• Good knowledge of ethical hacking, firewall and intrusion detection/prevention technologies, or having successfully passed certification in the domain.
• Familiarity with at least one of the following: OWASP, OSSTMM, PTES and NSA Vulnerability and Penetration Testing Standards.
• Knowledge of cloud systems topologies & security.
• Fluent in English (mandatory) and fluent in Dutch and/or French.