
Application security analyst (vulnerability & management)

Setúbal
act digital
Posted on 3 April
Description

Job Description:

Vulnerability management is crucial to identify, classify, prioritize, and remediate vulnerabilities in an organization's systems and applications, reducing the risk of cyber attacks, data breaches, and system compromises, and ensuring the confidentiality, integrity, and availability of sensitive data and assets.

This candidate will be responsible for reviewing and regularly analyzing the security compliance of applications in production to ensure ongoing adherence to security policies and standards. The ideal candidate will have a strong understanding of security testing solutions (DAST...) and the related results and reports (how to understand and act on them).

The candidate will also be responsible for addressing vulnerabilities by driving and monitoring the remediation process for identified security vulnerabilities and non-compliance within applications to ensure timely resolution, and by creating/updating the security procedures and guidelines to improve and standardize security practices. The candidate will collaborate with internal teams to promote good practices in application security and ensure the security and integrity of our applications.

Main Tasks:

- Vulnerability Identification
  - Supervising the execution of regular scans (using tools like Qualys, Bitsight...) to detect vulnerabilities in software, hardware, and configurations.
  - Monitoring threat intelligence feeds and security advisories (e.g., CVE databases) for emerging vulnerabilities.
- Risk Assessment & Prioritization
  - Evaluating vulnerabilities based on severity (e.g., scores), exploitability, and potential impact.
  - Ensuring that prioritization is followed and understanding the impacts when it is not.
- Remediation Coordination
  - Collaborating with IT, development, and security teams (Pentest, Application Security, Regional teams) to follow up on ticket stock to patch or mitigate vulnerabilities.
  - Ensuring timely application of security updates and workarounds.
- Follow-up and tracking of findings / Reporting tools
  - Ensure accurate and up-to-date data on relevant ticketing and reporting tools (e.g., Jira).
  - Active follow-up and review of findings through relevant tools in a timely manner, engaging stakeholders in the remediation process. This includes triggering necessary escalations when needed to keep the stakeholders and management aware.
  - The Application Security analyst must be mindful of the remediation timescales defined by AppSec and relevant policies/procedures, and is therefore expected to act/react in a timely fashion, ensuring remediation KPI/KRI/SLA.
  - Take part in periodic/on-demand conversations and emergency situations where necessary, acting swiftly, sharing expertise and supporting the vulnerability and non-compliance management process.
- Reporting & Compliance
  - Generating reports and KPIs for stakeholders (e.g., executives, auditors) on vulnerability status and progress of remediation.
  - Ensuring compliance with standards (e.g., ISO 27001, NIST, ...).
- Continuous Improvement
  - Refining vulnerability management processes based on lessons learned and evolving threats.
  - Raising IT teams' awareness of secure coding practices and vulnerabilities.
  - Work on automation scripts to support BAU activity, using PowerShell, Python.

Technical Skills:

  • Vulnerability Management Tools (e.g.: NexusIQ, Fortify, SonarQube)
  • OWASP
  • Application Security Testing tool (e.g. Qualys, AppSpider, Bitsight)
  • Technology stack (web-app, infra, API, thick client, client-server)
  • Ticketing Systems (JIRA, ServiceNow)

Language Skills:

  • English – Mastery
  • French – Notions

Soft Skills:

  • Organizational skills
  • Ability to collaborate / teamwork across multiple geographical locations
  • Decision making
  • Analytical ability / Critical thinking / Attention to detail & Rigour
  • Autonomy

Complementary information:

  • Experience, Academic Background & Other
  • Field of Expertise: Proven experience in application security. At least 5 years of experience, 3 years of which should be in Vulnerability Management.
  • Certifications: Examples: CC, CISSP, CEH, Security+

Tools & Methodologies:

- DevSecOps
- Application Security Testing tool (e.g. Qualys, AppSpider, Bitsight)
- Vulnerability Management Tools (e.g.: NexusIQ, Fortify, SonarQube)
- OWASP
- SSDLC (Secure Software Development Life Cycle)
- Power BI knowledge
- Ticketing Systems (JIRA, ServiceNow)

  • Academic Background: Master's degree in computer science, cybersecurity, or related fields.
  • Experience: At least 5 years of practical experience in Vulnerability Management (CVE, CTI,...) and at least in 2 of the following areas:

- Vuln & pen test report reader
- Software development, review and testing
- Penetration testing
- Risk assessment
- Application/Security Architecture


© 2026 Jobijoba Portugal - All rights reserved
