Technology Specialist CDO
Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!
Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)
This role is part of the D&T department of HEINEKEN International and is located in Heineken Global Shared Service. D&T is proud to bring cutting-edge innovation, strong technology and advanced analytics to HEINEKEN. With speed and agility, we ensure HEINEKEN has the technological competitive advantages it needs to deliver on its ambition.
The Vulnerability management analyst is part of the Cyber Defense and Operations Tribe and specifically the Threat Prevention Product Team. The analyst is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are structured and empowered by the organization to organize and manage their own work. The resulting synergy optimizes the Product Team’s overall efficiency and effectiveness.
The Cyber Defense and Operations (CDO) Tribe is a global team accountable for building a cyber resilient organization by acting as a first line of defense against cyber attacks and by educating the global organization on how to act and respond to security incidents to limit the business impact.
The CDO Product Tribe capabilities are aligned with the NIST frameworks and are grouped into (1) Defensive Capabilities such as Monitoring, Detection, Vulnerability Management, Threat Intelligence; (2) Offensive Capabilities such as Incident Response, Penetration Testing; (3) Threat Hunting Capabilities. The Threat Prevention Product focuses on Identify & Protect.
The CDO Tribe is a growing team, working in a complex and challenging business environment and has an ambitious strategy to implement in the next years. In this context, the CDO Threat Prevention Product Team is seeking to hire an experienced security vulnerability analyst, to be part of the Threat Prevention team. We are searching for new team members who can achieve the exceptional by working collaboratively, who have the courage to risk new ways of doing things and the ability to see the bigger picture in protecting HEINEKEN.
Your responsibilities would include:
- upholding Vulnerability Management processes across the enterprise, and ensuring stakeholders buy-in
- acting as a subject matter expert with regards to Information Security vulnerabilities
- defining and measuring the necessary Vulnerability Management metrics
- combining the various sources of vulnerabilities information – pentests, scans, bug bounties, external researchers etc. – into one coherent picture
- driving the Vulnerability Management activities as part of a specialized Real-time Threat Management team. This includes applying your analytical, reasoning & specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, identify and classify weaknesses and potential issues, filter out false positives, and aggregate vulnerabilities across assets to assign the appropriate priority and risk level
- supporting identification of vulnerabilities by enhancing vulnerability identification at processing and technology level
- owning, managing, and maturing the infrastructure vulnerability scanning process and tools and aligning with vulnerability identification KPIs
- supporting identification, triaging, assignment and remediation of vulnerabilities, ensuring that the vulnerability management lifecycle is followed
- responding to security threats in a timely manner by collaborating with other security teams and providing effective remediation solutions complemented by compensatory controls
- providing data-driven insights into improvement opportunities for the infrastructure vulnerability management process
- preparing reports for technical teams, compliance deliverables and executive management highlighting the current status of infrastructure from a vulnerability management perspective
- driving the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
- proactively researching new methods, tools, and strategies to effectively identify vulnerabilities
- looking for structural solutions over one-time quick fixes.
You are a good candidate if you have:
- a passion for security and enjoy solving problems
- 3+ years of working experience in security operations and an advanced level of understanding of systems security at both the technical and procedural level
- a good level of understanding of infrastructure vulnerability scanning tools and EDR solutions
- an understanding of (technical aspects of) penetration testing and results (including scoping and organizing of pentests, use of vulnerability scanners, vulnerability management tools) and basic knowledge of web application vulnerabilities and standards
- good understanding of IT fundamentals across networking (such as DNS, SNMP, DHCP, IPSEC etc.), system, and application layers
- a Bachelor's degree or equivalent experience
- the Agile mindset and basic knowledge of working in a Scrum Team. You show end-to-end ownership of the work that you do
- excellent knowledge of English, written and verbal
- experience with outsourced managed services, using ITIL processes
- knowledge of industry-standard security frameworks for information systems (CVSS, CIS Benchmarking, OWASP, NIST, ISO 27001/2, CSA, COBIT)
- basic familiarity with scripting/programming, e.g. Bash, PowerShell, Python
- relevant expertise in working with vulnerability management tooling (Tenable, EASM, Defender for Endpoint)
- vulnerability remediation tools & techniques
- system security (operating systems, applications), networking, and web applications
- basic knowledge of security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication) and practical knowledge of application security controls
- threat modelling experience
- basic knowledge of other infrastructure, e.g. Active Directory, DNS, IP addressing, Azure AD
- ability to translate technical language into a story that can be understood, and cohesively present it back to different stakeholders with a clear message
- the ability to provide clear, concise and easily consumable communication with key technical and non-technical stakeholders
- team player, can-do mentality
- ability to prioritize and to see “the big picture”, while not losing track of the details
- skills to work in a complex and highly externalized environment
- interest in continuous self-development through training and learning on the job. Being curious about new developments and technologies; educating yourself.
- critical thinking and contextual analysis abilities
- investigative and analytical problem-solving skills
- strong time management skills and willingness to go above and beyond where required
- ability to work in a highly dynamic environment, with high-pressure situations
- ability to take decisive action based on available information in a timely manner
- ability to research and characterize security threats to include identification and classification of threat indicators
- sharing knowledge
- continuous improvement mentality that helps improve and grow the team.
You are a perfect match if you also have:
- familiarity with ServiceNow SecopsVR
- certifications such as CEH, CIR, CISM, CISA, CGEIT, any of the OWASP or similar
- Kusto Query Language (KQL) knowledge.
At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of the legal regulations indicated in the Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the proper option in this tool or by communicating it via the hotline.