Technology Specialist CDO

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

Your responsibilities would include:

• upholding Vulnerability Management processes across the enterprise, and ensure stakeholders buy-in
• acting as a subject matter expert with regards to Information Security vulnerabilities
• defining and measuring the necessary Vulnerability Management metrics
• combinging the various sources of vulnerabilities information – pentests, scans, bug bounties, external researchers etc. – into one coherent picture
• driving the Vulnerability Management activities as part of a specialized Real-time Threat Management team. This includes applying your analytical, reasoning & specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, identify and classify weakness and potential issues, filter out false-positives, aggregate vulnerabilities across assets to assign the appropriate priority and risk level
• supporting identification of vulnerabilities by enhancing vulnerability identification at process and technology level
• owning, managing, and maturing infrastructure vulnerability scanning process and tools and align with vulnerability identification KPIs
• supporting identification, triaging, assignment and remediation of vulnerabilities ensuring that vulnerability management lifecycle is followed
• timely responding to security threats by collaboration with other security teams and provide effective remediation solution complemented by compensatory controls
• providing data driven insights into improvement opportunities for infrastructure vulnerability management process
• preparing reports for technical teams, compliance deliverables and executive management highlighting current status of infrastructure from vulnerability management perspective.
• driving the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
• proactively researching new methods, tools, and strategies to effectively identify vulnerabilities
•  looking for structural solutions over one-time quick fixes.

You are a good candidate if you have:

• knowledge of industry standard security frameworks for information systems (CVSS, CIS Benchmarking, OWASP , NIST, ISO 27001/2, CSA, COBIT)
• basic familiarity with scripting programming e.g. Bash, PowerShell, Python
• relevant expertise in working with vulnerability management tooling (Tenable, EASM, Defender for Endpoints)
• knowledge of vulnerability remediation tools & techniques
• knowledge of system security (operating systems, applications), networking, and web applications.

You are a perfect match if you also have: 

• familiarity with ServiceNow SecopsVR 
• kusto query language knowledge (KQL). 

We Offer: