Description

The Junior Vulnerability Manager will join the Security team and will be responsible for supporting the management of the vulnerability lifecycle, with a particular focus on the operation and improvement of the scanning process.

Key Responsibilities:

1. Operation and Maintenance of Vulnerability Scans:

• Scan Execution: Perform vulnerability scans using Nessus, including preparing network files to be scanned and validating scan status (often automated; occasional weekend work may be required).

• Troubleshooting: Diagnose and resolve issues when scans fail, including:

  • Network diagnostics (connectivity, port issues, Layer 2/3, next-hop configuration, routing, VLANs/Trunks).

  • Diagnosing issues in Nessus and the Operating System.

  • Analyzing and improving Python scripts responsible for scanning processes.

2. Automation and Data Handling:

• Script Development (Python/Bash/SQL): Develop, modify, and maintain scripts to automate vulnerability management tasks.

• Code Migration: Participate in converting Python 2 scripts to Python 3.

• Database Management (SQL): Retrieve and correlate asset lists with scan database information, create data insertion queries, and process results.

• Data Processing: Use tools such as Regex, Excel (Pivot Tables), and Bash to process, correlate, and prepare scan results for various purposes.

• Quarterly Preparation: Support automation for folder creation in Nessus and asset list processing.

3. Post-Scan and Vulnerability Management:

• Result Handling: Analyze scan results, improving scripts to prevent known false positives.

• Vulnerability Closure: Use Burp (or develop alternative Python scripts) to automate batch closure of resolved vulnerabilities.

• Security Analysis: Assess vulnerabilities to determine if they are false positives (requires basic security knowledge).

• Validation: Perform basic security validations (entry-level pentesting skills) to confirm vulnerability resolution.

• Risk Management: Apply basic risk management knowledge to evaluate and propose vulnerability parking timeframes.

4. Infrastructure and Planning:

• Planning: Map networks and schedule scans, considering average execution times and restrictions.

• System Configuration: Reinstall the operating system and configure Nessus on dedicated laptops (requires Unix knowledge).

• Asset Validation: Correlate new CMDB assets with the networks configured in planned scans (SQL, Bash, Python).

Qualifications

• Security Knowledge (for example knowledge of pentesting)
• Programming skills (Python)
• Network Knowledge
• Unix (important to know network commands, bash commands)
• SQL knowledge
• Brief knowledge of risk management
• Fluency in English and Portuguese.

Additional Info

What we offer:

• Professional development and monitoring talent;
• Commitment to our employees' development;
• Collaboration in a company that is constantly growing and evolving;
• Strong organizational culture: collaboration, sharing, flexibility, integrity and low ego.

The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.

Company Description

Devoteam Cyber Trust is the specialized cybersecurity unit of the Devoteam Group. With over 800 experts across the EMEA region, our mission is to position cybersecurity as a business enabler, not a barrier. We take a comprehensive approach to Cyber Resilience, Applied Security, and Security Service Management to safeguard the digital journey of large and mid-sized enterprises across all sectors and industries.

Since 2009, previously known as INTEGRITY, our Portugal-based team has specialized in delivering cutting-edge Managed Security Services. By combining expertise with proprietary technology, we consistently and effectively reduce our clients' cyber risk. Our wide range of services includes Persistent Penetration Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management. Certified in ISO 27001 (Information Security) and ISO 9001 (Quality), PCI-QSA, and members of CREST and CIS (Center for Internet Security), we serve a significant number of clients in over 20 countries.