We are looking for a Vulnerability & Exposure Management Analyst to join a mature Cyber Defense Center within a global enterprise environment.

This role sits at the core of the vulnerability lifecycle, acting as a bridge between security, infrastructure, and development teams, ensuring that identified vulnerabilities are properly prioritised, communicated, and remediated.

Rather than focusing on scanning or hands-on remediation, this position plays a key orchestration and advisory role, working closely with internal stakeholders across multiple countries.

Your responsibilities

• Manage the lifecycle of vulnerabilities and exposures:

  • triage, prioritisation, assignment and follow-up

• Analyse vulnerabilities across different domains:

  • infrastructure, web applications, and (in the future) APIs

• Apply risk-based prioritisation using frameworks such as CVSS

• Provide clear and actionable remediation guidance to internal teams

• Collaborate with infrastructure, cloud and development teams to support remediation

• Act as a first point of contact for internal stakeholders, handling:

  • support requests

  • troubleshooting

  • clarification of findings

• Develop and maintain remediation guidelines for:

  • security misconfigurations (Non-CVE)

  • web application vulnerabilities

• Contribute to process improvements, automation and new initiatives

• Monitor and track remediation progress through dashboards and reports

• Help improve the overall vulnerability management operating model

What we’re looking for

Must-have

• 5+ years of experience in Cybersecurity Operations

• Hands-on experience in Vulnerability Management / Exposure Management

• Strong understanding of:

  • CVEs and security misconfigurations

  • risk prioritisation (CVSS or similar)

• Experience across:

  • infrastructure environments

  • web applications (OWASP mindset)

• Solid understanding of:

  • networking, OS (Windows/Linux)

  • Active Directory or IAM environments

• Strong communication skills and stakeholder management

• Experience working with ticketing systems (Jira, ServiceNow, etc.)

• Fluent English

Nice to have

• Exposure to cloud environments (AWS, Azure, GCP)

• Knowledge of CIS benchmarks or hardening standards

• Basic scripting (Python / PowerShell)

• Familiarity with graph-based data (e.g., Neo4j)

What makes this role different

• You will not just detect vulnerabilities — you will drive their resolution

• Highly collaborative role with strong exposure to international teams

• Opportunity to influence processes and shape how vulnerability management is done

• Potential to grow into leadership responsibilities over time

Working environment

• International and English-speaking environment

• Hybrid model (1–2 office days/week)

• Flexible schedule with high autonomy

• Occasional travel within Europe

Compensation & benefits

• Salary: 51k-56k€ (depending on experience)

• Flexible compensation package (~3.7k net/year)

• Private health insurance

• Remote work allowance (1-2 days/week office) and flexible hours

• Wellbeing benefits