Share this Job
Apply now »

Technology Specialist - CDO (vulnerability management analyst)

At D&T we are committed to making Heineken the most connected brewery. We digitize and integrate our processes to ensure first-class technology in the company. IT’s on us!

By joining us you will have a direct impact on building the future of Heineken!

We are looking for IT specialists who are passionate about constantly developing, who can work independently and find themselves in an international team, who share our values ​​and who like to relax with a beer at the end of a busy day. 

 

Your responsibilities would include:

 

  • Upholding Vulnerability Management processes across the enterprise, and ensure stakeholders buy-in.
  • Acting as a subject matter expert with regards to Information Security vulnerabilities
  • Defining  and measuring the necessary Vulnerability Management metrics.
  • Combining the various sources of vulnerabilities information – pentests, scans, bug bounties, external researchers etc. – into one coherent picture.
  • Driving the Vulnerability Management activities as part of a specialized Real-time Threat Management team. This includes applying your analytical, reasoning & specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, identify and classify weakness and potential issues, filter out false-positives, aggregate vulnerabilities across assets to assign the appropriate priority and risk level.
  • Supporting identification of vulnerabilities by enhancing vulnerability identification at process and technology level.
  • Owning, managing, and maturing infrastructure vulnerability scanning process and tools and align with vulnerability identification KPIs.
  • Supporting identification, triaging assignment and remediation of vulnerabilities, ensuring that vulnerability management lifecycle is followed.
  • Timely responding to security threats by collaboration with other security teams and providing effective remediation solution complemented by compensatory controls.
  • Providing data driven insights into improvement opportunities for infrastructure vulnerability management process.
  • Preparing reports for technical teams, compliance deliverables and executive management highlighting current status of infrastructure from vulnerability management perspective.
  • Working with engineering teams for effective patch management by providing reports and vulnerability metrics.
  • Providing support for infrastructure penetration testing.
  • Driving the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
  • Proactively researching new methods, tools, and strategies to effectively identify vulnerabilities
  • Looking for structural solutions over one-time quick fixes.

 

You are a good Candidate if:

 

  • You have 3+  years working experience in security operations and advanced level of understanding regarding systems security at both technical and procedural level
  • You have a good level of understanding of infrastructure vulnerability scanning tools, EDR solutions
  • You have understanding (technical aspects of) penetration testing and results (including scoping and organizing of pentests, use of vulnerability scanners, vulnerability management tools) and basic knowledge of web application vulnerabilities and standards
  • You have a good understanding of IT fundamentals across networking (such as DNS, SNMP, DHCP, IPSEC etc.), system, and application layers
  • You have Bachelor degree or equivalent experience
  • You have passion for security and enjoys solving problems
  • You understand the Agile mindset and have basic knowledge on working in a Scrum Team. You show end-to-end ownership on work that you do.
  • You have excellent knowledge of English, written and verbal 
  • You have experience with outsourced managed services, using ITIL processes
  • You have certifications such as CEH, CIR, CISM, CISA, CGEDIT, any of the OWASP or similar are a plus

 

Content/Technical experience:

 

  • Knowledge of industry standard security frameworks for information systems (CVSS, CIS Benchmarking, OWASP , NIST, ISO 27001/2, CSA, COBIT)
  • Basic familiarity with scripting programming e.g. Bash, PowerShell, Python
  • Relevant technical solutions such as vulnerability management tooling (Nessus, Qualys, Defender for Endpoints)
  • Kusto query language knowledge (KQL) is a plus
  • Vulnerability remediation tools & techniques
  • System security (operating systems, applications), networking, and web applications
  • Basic knowledge on security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication) and practical knowledge on application security controls
  • Threat Modelling experience.
  • Basic knowledge on other infrastructure. Eg: Active Directory, DNS, IP Addressing, Azure AD
  • Basic knowledge of :
    • Penetration testing, Malware engineering
    • Offensive security specialist (e.g pen tester, ethical hacker, etc.)
    • Sysdmin skills (Linux/MAC/Windows)
    • Network admin skills
    • Network security administrator
    • Enabling services (e.g NTP, SMTP, patching, Antivirus)
    • Server infrastructure (VMWare ESXi, storage, Azure, AWS)
    • basic cryptography knowledge (basic algorithm knowledge)
    • DB knowledge
    • authentication protocol knowledge

 Soft Skills:

 

  • ability to translate technical language into a story that can be understood, and cohesively present it back to  different  stakeholders with a clear message
  • ability to provide clear, concise and easily consumable communication with key technical and non-technical stakeholders
  • ability to work with people of many different cultures and backgrounds.
  • being a team player, can-do mentality
  • ability to prioritize and to see “the big picture”, while not losing track of the details.
  • ability to work in a complex and highly externalized environment
  • being interested in continuous self-development through training and learning on the job. Being curious about new developments and technologies; educating yourself.
  • ability to critical thinking and contextual analysis abilities
  • having investigative and analytical problem solving skills
  • having strong time management skills and willing to go above and beyond where required
  • ability to work in a highly dynamic environment, with high pressure situations
  • ability to take decisive action based on available information in a timely manner
  • ability to research and characterize security threats to include identification and classification of threat indicators
  • having strong time management skills and willing to go above and beyond where required
  • having sharing knowledge skills
  • having continuous improvement mentality that helps improve and grow the team


Job Segment: Information Systems, Information Security, Manager, Network, Linux, Technology, Management

Apply now »