Temat tygodnia
Zobaczcie, jakie metody stosują pracodawcy, żeby wyłowić największe talenty.
Trwa ładowanie. Prosimy o chwilę cierpliwości.
Data aktualizacji: 2021-05-14
Kraków, małopolskie
Księgowość, BPO/SSC, Analiza
Data aktualizacji: 2021-05-14 Aplikuj
Senior Vulnerability Management Analyst & Cyber Security Analyst
Senior Vulnerability Management Analyst & Cyber Security Analyst

This role is part of the D&T department of HEINEKEN International and is located in Heineken Global Shared Service. D&T is proud to bring cutting-edge innovation, strong technology and advanced analytics to HEINEKEN. With speed and agility, we ensure HEINEKEN has the technological competitive advantages it needs to deliver on its ambition.


The Senior vulnerability management analyst is part of the Cyber Defense and Operations Product Team, and is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are structured and empowered by the organization to organize and manage their own work. The resulting synergy optimizes the Product Team’s overall efficiency and effectiveness.

The Cyber Defense and Operations (CDO) Product Team is a global team accountable for building a cyber resilient organization by acting as a first line of defense against cyber attacks and by educating the global organization on how to act and respond to security incidents to limit the business impact.

The CDO Product Team capabilities are aligned with the NIST frameworks and are grouped into (1) Defensive Capabilities as Monitoring, Detection, Vulnerability Mng, Threath Intelligence; (2) Offensive Capabilities as Incident Response, Penetration Testing; (3) Threat Hunting Capabilities.

The CDO Product Team is a fast growing team, working in a complex and challenging business environment and has an ambitious strategy to implement in the next years. In this context, the CDO Product Team is seeking to hire an experienced security vulnerability analyst, to be part of the core CDO team.

Your responsibilities would include:
  • Drive the Vulnerability Management activities as part of a specialized Real-time Threat Management team. This includes applying your analytical, reasoning & specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, identify and classify weakness and potential issues, filter out false-positives, aggregate vulnerabilities across assets to assign the appropriate priority and risk level.
  • Support identification of vulnerabilities by enhancing vulnerability identification at process and technology level.
  • Own, manage, and mature infrastructure vulnerability scanning process and tools and align with vulnerability identification KPIs.
  • Support identification, triaging, assignment and remediation of vulnerabilities ensuring that vulnerability management lifecycle is followed.
  • You will act as the Heineken counterpart in Service Management with our main supplier by being the first point of contact in case of escalations.
  • Timely respond to security threats by collaboration with other security teams and provide effective remediation solution complemented by compensatory controls.
  • Provide data driven insights into improvement opportunities for infrastructure vulnerability management process.
  • Prepare reports for technical teams, compliance deliverables and executive management highlighting current status of infrastructure from vulnerability management perspective.
  • Work with engineering teams for effective patch management by providing highly customized reports and vulnerability metrics.
  • Provide support for infrastructure penetration testing.
  • Drive the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
  • Proactively research new methods, tools, and strategies to effectively identify vulnerabilities
  • You may facilitate service review sessions with HEINEKEN operating companies where you assess the current services and find potential improvement areas.
  • You look for structural solutions over one-time quick fixes.

You are a good Candidate if:
  • You have 5+  years working experience in security operations and advanced level of understanding regarding systems security at both technical and procedural level
  • You have advanced level of understanding of infrastructure vulnerability scanning tools, EDR solutions
  • You have understanding (technical aspects of) penetration testing and results (including scoping and organizing of pentests, use of vulnerability scanners, vulnerability management tools) and basic knowledge of web application vulnerabilities and standards
  • You have good understanding of IT fundamentals across networking (such as DNS, SNMP, DHCP, IPSEC etc.), system, and application layers
  • You have Bachelor degree or equivalent experience
  • You have a passion for security and enjoys solving problems
  • You understand the Agile mindset and have basic knowledge on working in a Scrum Team. You show end-to-end ownership on work that you do.
  • You have excellent knowledge of English, written and verbal 
  • You have experience with outsourced managed services, using ITIL processes
  • You have certifications such as CEH, CIR, CISM, CISA, CGEDIT, any of the OWASP  or similar

Content/Technical experience:

  • Knowledge of industry standard security frameworks for information systems (CVSS, CIS Benchmarking, OWASP , NIST, ISO 27001/2, CSA, COBIT)
  • Basic familiarity with scripting programming e.g. Bash, PowerShell, Python
  • Relevant technical solutions such as vulnerability management tooling (Nessus, Qualys, Defender for Endpoints)
  • Kusto query language knowledge (KQL)
  • Vulnerability remediation tools & techniques
  • System security (operating systems, applications), networking, and web applications
  • Basic knowledge on security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication)
  • Basic knowledge on other infrastructure. Eg: Active Directory, DNS, IP Addressing, Azure AD
  • Basic knowledge of :
    • Penetration testing, Malware engineering
    • Offensive security specialist (e.g pen tester, ethical hacker, etc.)
    • Sysdmin skills (Linux/MAC/Windows)
    • Network admin skills
    • Network security administrator
    • Enabling services (e.g NTP, SMTP, patching, Antivirus)
    • Server infrastructure (VMWare ESXi, storage, Azure, AWS)
    • basic cryptography knowledge (basic algorithm knowledge)
    • DB knowledge
    • authentication protocol knowledge


Soft Skills:

  • Being able to translate technical language into a story that can be understood, and cohesively present it back to  different  stakeholders with a clear message
  • Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders
  • People skills: you can work with people of many different cultures and backgrounds.
  • Able to work in a complex and highly externalized environment
  • Interested in continuous self-development through training and learning on the job. 
  • Critical thinking and contextual analysis abilities;
  • Investigative and analytical problem solving skills;
  • Teamwork, can-do mentality;
  • Strong time management skills and willing to go above and beyond where required
  • Working in a highly dynamic environment, whit high pressure situations
  • Ability to take decisive action based on available information in a timely manner;
  • Ability to research and characterize security threats to include identification and classification of threat indicators;
  • Strong time management skills and willing to go above and beyond where required
  • Be passionate about mentoring and coaching junior resources, sharing knowledge
  • Having continuous improvement mentality that helps improve and grow the team




Events and benefits:
  • Private Medical Healthcare
  • Performance bonus
  • Sodexo card
  • Life insurance
  • Referral program
  • Development opportunities
  • Local and global job opportunities within HEINEKEN
  • ACCA Approved Employer