We are looking for a Vulnerability Management Consultant to join our Cybersecurity Engineering Professional Services team.
The Vulnerability Management Consultant will focus on the organization and management of vulnerability assessments and their life cycles, ensuring comprehensive identification of cybersecurity weaknesses within multiple clients’ IT infrastructure.
The candidate will have the following duties/responsibilities:
- Assist in the management of vulnerability assessments across multiple clients’ IT infrastructure;
- Support several vulnerability assessment processes, ensuring thorough identification of cybersecurity weaknesses in clients' organizations;
- Analyze vulnerability assessment results to support the definition of severities, potential impacts, and prioritize vulnerabilities for effective mitigation;
- Work closely with multiple clients’ internal teams to assist in the development and implementation of mitigation strategies;
- Maintain clear communication and provide continuous updates on vulnerability status and mitigation efforts;
- Assist in providing critical insights to inform decision-making and enhance multiple clients’ cybersecurity posture;
- Stay up-to-date with the latest cybersecurity trends and technologies.
The candidate should have:
- Attendance of Bachelor’s degree in Computer Science, Information Technology, or a related field;
- Expertise in Vulnerability Management or similar.
- Knowledge of industry compliance, regulations, standards, and frameworks related to cybersecurity, such as ISO 27001, NIST, COBIT, or similar;
- Knowledge in risk management, from identification and evaluation of risks, to developing effective risk mitigation plans, implementing mitigation strategies, and performing ongoing risk monitoring;
- Expertise in OWASP Top Ten vulnerabilities and their respective remediation techniques;
- Expertise in IT infrastructures including on-premises systems, major cloud platforms (e.g. AWS, Azure, GCP), and virtualisation platforms (e.g. VMware ESXi, Hyper-V, KVM, Docker, Kubernetes);
- Knowledge of networking technologies (e.g. Cisco, Juniper, F5), server environments (e.g. Windows, Linux, Unix), and desktop systems (e.g. Windows, Linux, macOS);
- Knowledge of vulnerability assessment frameworks and tools, such as OpenVAS, Nessus, Qualys, or similar;
- Good organizational, analytical, and problem-solving skills.
- Strong sense of ethics, integrity, and responsibility;
- Good communication and teamwork skills;
- Fluency in Portuguese and proficiency in English.
Nice to have:
- Relevant certifications such as CISSP (Associate), CISM, CEH or similar are highly valued;
- Knowledge of specific vulnerability analysis frameworks and tools such as Burp Suite, Metasploit, or similar are highly valued;
- Participation in cybersecurity and vulnerability-related communities, forums, or professional networks.
What we offer:
- Professional development and monitoring talent;
- Commitment to our employees' development;
- Collaboration in a company that is constantly growing and evolving;
- Strong organisational culture: collaboration, sharing, flexibility, integrity and low ego.
Would you like to join our team? Then send your CV.
