We are looking for a Vulnerability & Exposure Management Analyst to join a mature Cyber Defense Center within a global enterprise environment.
This role sits at the core of the vulnerability lifecycle, acting as a bridge between security, infrastructure, and development teams, ensuring that identified vulnerabilities are properly prioritised, communicated, and remediated.
Rather than focusing on scanning or hands-on remediation, this position plays a key orchestration and advisory role, working closely with internal stakeholders across multiple countries.
Your responsibilities
* Manage the lifecycle of vulnerabilities and exposures:
  - triage, prioritisation, assignment and follow-up
* Analyse vulnerabilities across different domains:
  - infrastructure, web applications, and (in the future) APIs
* Apply risk-based prioritisation using frameworks such as CVSS
* Provide clear and actionable remediation guidance to internal teams
* Collaborate with infrastructure, cloud and development teams to support remediation
* Act as a first point of contact for internal stakeholders, handling:
  - support requests
  - troubleshooting
  - clarification of findings
* Develop and maintain remediation guidelines for:
  - security misconfigurations (Non-CVE)
  - web application vulnerabilities
* Contribute to process improvements, automation and new initiatives
* Monitor and track remediation progress through dashboards and reports
* Help improve the overall vulnerability management operating model
What we’re looking for
Must-have
* 5+ years of experience in Cybersecurity Operations
* Hands-on experience in Vulnerability Management / Exposure Management
* Strong understanding of:
  - CVEs and security misconfigurations
  - risk prioritisation (CVSS or similar)
* Experience across:
  - infrastructure environments
  - web applications (OWASP mindset)
* Solid understanding of:
  - networking, OS (Windows/Linux)
* Active Directory or IAM environments
* Strong communication skills and stakeholder management
* Experience working with ticketing systems (Jira, ServiceNow, etc.)
* Fluent English
Nice to have
* Exposure to cloud environments (AWS, Azure, GCP)
* Knowledge of CIS benchmarks or hardening standards
* Basic scripting (Python / PowerShell)
* Familiarity with graph-based data (e.g., Neo4j)
What makes this role different
* You will not just detect vulnerabilities — you will drive their resolution
* Highly collaborative role with strong exposure to international teams
* Opportunity to influence processes and shape how vulnerability management is done
* Potential to grow into leadership responsibilities over time
Working environment
* International and English-speaking environment
* Hybrid model (1–2 office days/week)
* Flexible schedule with high autonomy
* Occasional travel within Europe
Compensation & benefits
* Salary: 51k-56k€ (depending on experience)
* Flexible compensation package (~3.7k net/year)
* Private health insurance
* Remote work allowance (1-2 days/week office) and flexible hours
* Wellbeing benefits