Bekijk alle vacatures
Vulnerability Analyst
Brussel, BrusselVulnerability Analyst / Exposure Management Analyst
Start Date: ASAP
End Date: 30/09/2026 (with possibility of extension)
Key Responsibilities:
-
Vulnerability Discovery Coordination:
- Coordinate vulnerability discovery activities across entities, platforms, and asset groups.
- Support onboarding of entities into the Group VM platform and ensure discovery coverage.
- Validate scan scope, asset coverage, scan quality, and data completeness with VM Tooling Engineers and outsourcing partners.
- Identify blind spots in asset visibility, scan coverage, or entity onboarding.
- Vulnerability Analysis & Prioritization:
- Assist entities in analyzing vulnerability findings and support risk-based prioritization.
- Validate findings, false positives, and remediation feasibility with Entity VM SPOCs and IT Operations.
- Support prioritization of urgent vulnerabilities and critical exposures.
- Translate technical findings into actionable remediation priorities for IT teams.
- Remediation Follow-Up:
- Track remediation progress across entities, owners, and technology domains.
- Follow up on overdue, high-risk, or recurring vulnerabilities.
- Escalate blocked remediation items through governance channels.
- Document remediation status, exceptions, and risk acceptances.
- Reporting & Governance:
- Produce recurring vulnerability and exposure reports for Group Security and governance bodies.
- Maintain dashboards on vulnerability posture, remediation progress, and risk exposure.
- Provide management summaries on key risks, blockers, trends, and required decisions.
- Support evidence gathering for audit, compliance, and internal control assurance.
- Stakeholder Coordination:
- Act as the operational coordination point between Group Cyber CoE, outsourcing partners, and IT Operations.
- Facilitate remediation meetings and exposure review sessions.
- Promote consistent working practices across entities.
- Support entities in understanding priorities and remediation responsibilities.
- Continuous Improvement:
- Identify recurring root causes and process improvement opportunities.
- Contribute to improving vulnerability workflows and escalation mechanisms.
- Support future evolution towards automation and integration with ITSM/CMDB platforms.
Key Deliverables:
-
Group vulnerability posture reports.
- Entity remediation follow-up dashboards.
- Prioritized vulnerability action lists.
- Exception and risk acceptance tracking.
- Coverage and scan quality reports.
Required Experience:
-
Minimum of three years of experience in a similar role.
- Experience in vulnerability management, security operations, IT operations, infrastructure security, or risk management.
- Good understanding of vulnerability scanning, asset discovery, CVEs, CVSS, exploitability, and remediation workflows.
- Experience with tools such as Qualys, Tenable, Rapid7, Defender Vulnerability Management, or similar.
- Experience in federated, multi-entity, or complex enterprise environments is a major bonus.
Skills & Competencies:
-
Strong analytical mindset.
- Ability to translate technical vulnerabilities into business-relevant risk priorities.
- Strong coordination and follow-up discipline.
- Good stakeholder management across security and IT teams.
- Structured reporting and executive communication skills.
- Pragmatic, persistent, and outcome-driven.
- Able to operate without direct hierarchical authority.
Success Measures:
-
Improved visibility of Group vulnerability exposure.
- Reduced aging of critical and high vulnerabilities.
- Improved remediation follow-up discipline across entities.
- Clear ownership of vulnerability findings.
- Fewer unresolved or unassigned critical exposures.
- Better quality reporting for Group and entity leadership.
Language Proficiency:
Bilingual in Dutch and French, both spoken and written, at a business level.