Engineer - Cybersecurity (Vulnerability & Threat Management)

Location: Krakow, Poland (Hybrid) 

Type: Full-time employment

Hybrid work: 2 days in office and 3 days remote 

Working Hours: 9 am – 5 pm local time

Description

Duties will include providing vulnerability assessment and remediation activities through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the systems and proposing countermeasures. Typical assignments will involve testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards; scanning and discovering rouge hosts, networks, and devices; and scanning and discovering vulnerable systems and applications.

Responsibilities

• Plans, develops and executes scans for vulnerabilities and compliance with configuration standards
• Manages enterprise vulnerability assessment and configuration assessment tools
• Works to identify and resolve false positive findings in assessment results
• Analyzes threat and vulnerability feeds and analyzes data for applicability to Sysco’s environment
• Works with applicable technical teams to ensure remediation of discovered vulnerabilities
• Coordinates change control for remediation activities
• Responsible for generating timely vulnerability assessment reports to management
• Generate reports on assessment findings and summarizes to facilitate remediation tasks for other operational teams
• Produces vulnerability, configuration, and coverage metrics to demonstrate assessment coverage and remediation effectiveness
• Recommends security controls and/or corrective actions for mitigating technical and business risk
• Assists in conducting security reviews of new and existing applications
• Maintains an awareness of existing and proposed security standards, industry best practices, legislation and regulations pertaining to information security and recommends appropriate changes
• Prevents/anticipates problems and focus on continuous improvement of manual and automated processes
• Optimizes existing workflows to enhance existing capabilities
• Creates and updates documentation related to assessment processes

Qualifications

Candidates for this position should have at least 2 years of experience of the following:

• Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
• Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side
• Vulnerability Assessment tools, e.g. Nessus, Nexpose, etc
• Exploitation frameworks, e.g. Metasploit
• Social Engineering campaigns, e.g. email phishing, phone calls, SET
• Security devices, e.g. Firewalls, VPN, Proxies
• OS Security, e.g. Unix, Linux, Windows, Cisco, etc
• Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
• Web application infrastructure, e.g. Application Servers, Web Servers, Databases
• Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
• Reporting information security vulnerabilities to businesses
• Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems.

Knowledge / Skills / Abilities:

• Subject matter expert in a broad range of security concepts
• Broad IT knowledge and experience, including an understanding of network devices and their role in a secure environment
• Ability to work directly with team members and end-users in stressful situations
• Ability to work in a dynamic environment
• Ability to solve complex problems through research and technical detective work
• Ability to learn new technologies and processes quickly
• Ability to quickly adapt to changes in timelines and sequences
• Able to work off hours when required
• Excellent communication and interpersonal skills
• Collaboration skills

Why Join Us 

• Be part of a global cybersecurity team protecting a dynamic enterprise environment. 

• Opportunity to work with modern security technologies and drive tool innovation. 

• Collaborative culture with professional development opportunities. 

• Hybrid work model with our Kraków office as the primary location.