Join our team at AMGEN Capability Center Portugal, the #1 company in Best Workplaces™ (201–500 employees' category) in Portugal in 2024 by the Great Place to Work Institute. With over 500 talented individuals from more than 40 nationalities, our Lisbon center thrives at the intersection of innovation, excellence, and inspiration. This is your opportunity to explore the future of healthcare through technology and digital innovation, supporting our mission To Serve Patients.

What you will do

• Identifying, assessing, prioritizing, and tracking the remediation of vulnerabilities across the organization’s technology stack
• Analyzing vulnerability scan data and correlating threat intelligence (e.g., KEV, EPSS)
• Working closely with infrastructure, application, and business teams to drive risk-based remediation
• Leading the analysis and validation of vulnerability scan results from enterprise tools such as Tenable.sc, Qualys VMDR, or Rapid7 InsightVM, ensuring false positives are triaged and risk assessed accurately
• Developing and refining vulnerability prioritization frameworks that integrate CVSS v3.1, KEV, EPSS, asset criticality, exploit availability, and environmental factors
• Partnering closely with infrastructure, DevOps, and application security teams to drive timely remediation and provide expert-level technical guidance on compensating controls, configuration hardening, and patch deployment strategies
• Integrating threat intelligence feeds and SIEM data to correlate vulnerabilities with real-world exploit trends and potential attack vectors
• Building and maintaining executive dashboards and risk metrics that measure vulnerability exposure, remediation SLAs, and program maturity
• Overseeing cloud vulnerability management activities across AWS, Azure, and GCP using tools such as Prisma Cloud, AWS Inspector, or Microsoft Defender for Cloud
• Contributing to and enhancing vulnerability management policies, standards, and operating procedures aligned with frameworks such as NIST CSF, ISO 27001, and CIS Controls
• Supporting audit readiness and providing evidence for internal and external audits (e.g., SOX, PCI DSS, ISO 27001)
• Mentoring junior analysts in best practices for vulnerability analysis, prioritization, and remediation coordination

What we expect of you

• Bachelor’s degree with 1–2 years of experience in Cybersecurity, Information Systems, or related technical discipline OR
• Bachelor’s degree with 4–6 years of experience in Cybersecurity, Information Systems, or related technical discipline OR
• Diploma with 7–9 years of experience in vulnerability management, security operations, or threat and risk management
• Strong hands-on experience with enterprise-grade VM tools (Tenable.sc, Qualys VMDR, or Rapid7 InsightVM)
• Proven experience developing or managing vulnerability management programs across hybrid infrastructure (on-prem and cloud)
• Professional Certifications required: CompTIA Security+ or CySA+, GIAC GSEC / GCIH, Qualys Vulnerability Management Specialist (QVMS), Tenable Certified Nessus Auditor (TCNA), AWS Certified Security – Specialty or Azure Security Engineer Associate

Must-Have Skills

• Advanced understanding of the vulnerability lifecycle, remediation workflows, and risk-based prioritization
• Expertise with CVSS, KEV, EPSS, and asset criticality modeling
• Strong understanding of network, OS, application, and cloud security architectures
• Ability to correlate vulnerabilities with threat intelligence and adversary tactics (MITRE ATT&CK framework)
• Experience integrating vulnerability data with SIEM, CMDB, or GRC platforms (e.g., Splunk, ServiceNow, Archer)
• Exposure to vulnerability risk quantification or attack surface management platforms
• Leadership & Mentoring: Capable of guiding junior analysts and fostering a culture of proactive security improvement
• Analytical Thinking – Ability to interpret complex data sets and assess risk effectively
• Attention to Detail – Precision in identifying and tracking vulnerabilities and remediation status
• Communication Skills – Ability to communicate technical findings to both technical and non-technical audiences
• Collaboration & Teamwork – Able to work across IT, DevOps, and security teams to drive resolution
• Cross-Functional Influence: Strong collaboration across security, IT, DevOps, and compliance teams
• Curiosity & Continuous Learning – Willingness to stay current with evolving threats and technologies
• Problem-Solving Mindset – Capability to identify solutions to security weaknesses in diverse environments

What you can expect of us

• Comprehensive benefits in healthcare, finance, and well-being
• Hybrid work model with time split between our Lisbon office and remote work
• Access to certifications, trainings, mentorship, and career mobility
• Work That Matters – Build tech that accelerates scientific breakthroughs and helps patients worldwide
• Modern Tech Stack – Cloud-first, automation-focused, AI-powered
• Global Scale, Agile Mindset – Collaborate across continents while working in nimble, high-impact teams

Compensation

201–500