For a big client in Brussels, we are looking for a security expert.
The department you'll be working in has a mission to:
- Enable sound and formal information security risk decision making
- Help management with implementing a proper information security management system
The vision of this team is to support the counter-cybercrime objective through demonstrably ‘best in class’ preparation for and response to unauthorized cyber activity.
This is done by providing the following services:
- support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks.
- triggered by a request / incident / event identified by an intrusion detection system or reported by a human.
As a Vulnerability Management Advisor you will carry the following responsibilities:
Execute recurrent Vulnerability Detection through infrastructure and application scanning using the Qualys scanning tool.
Coordinate Penetration Testing/Ethical Hacking engagements. Each engagement consists of:
- Scoping phase: where the scope (e.g. features, channels, brand, vulnerability to retest, ...) of a planned test is determined.
- Preparation phase: where the scope is prepared for the test. This includes checking that the features are deployed in the test environment, that the required test data and the authentication and authorization tokens are available, that documentation is provided, that the environment is prepared, etc.
- Testing phase: this is the execution moment itself.
- Reporting phase: when the draft and final reports are delivered to the test requestors.
Coordinate Vulnerability Remediation and provide support to IT teams with their vulnerability remediation activities.
Provide Vulnerability Reporting to all levels of stakeholders on vulnerability remediation status. Maintain the relevant solution in the central Governance, Risk and Control tooling.
Continuously improve Vulnerability Governance:
- Ensure requirements are captured in bank policies and standards;
- Describe and implement clear Roles and responsibilities;
- Maintain functional architecture framework;
- Maintain and automate the Process;
- Define remediation SLA and ensure its endorsement by all levels.
We are looking for:
- Bachelor/Master or equivalent by experience in IT
- Fluent in English; French is also a big plus
- 1-5 years of experience within the IT domain with 1+ years of specialization in vulnerability management and general security operations.
- Operational experience in maintaining vulnerability scanning environments, especially Qualys
- Knowledge of the entire TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, POP3, HTTP, FTP, and SSH
- Working experience with reporting, preferably using RSA Archer eGRC
- Web Application Security Development (OWASP)
- Solid understanding of network and vulnerability scanning architecture
- Knowledge of ITIL based operational processes.
- Prior experience of working in an Agile operating model
These are a plus:
- In-depth understanding of security devices such as firewalls, proxies, IDS/IPS, …
- Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, Linux, etc.)
- CISSP certification
- Penetration Tester experience
- Prior experience of working in/for financial institutions;
Who are you?
- Team player
- Quick self-starter, pro-active attitude, strong time management
- Good Communication and Influencing skills
- Good analytical and synthesis skills
- Autonomy, commitment and perseverance
- Strong intuition and ability to think “outside the box”
- Attention to detail while seeing the bigger picture
- Ability to provide on-the-job training and knowledge sharing to other analysts
- Solid sense of integrity and identification with the mission.
- Ability to process large amounts of information
- Desire to script and automate repetitive parts of the job.