Application Security Analyst (Vulnerability & Management)
Inetum • Porto
Published on 02/04/2026 at 12:32
Full-time
Vacancy Description
Company Description
Inetum is a European leader in digital services, supporting organizations as they navigate continuous technological change. The company helps clients accelerate their digital transformation through a broad portfolio that includes consulting, application services, digital engineering, cloud, cybersecurity, platforms, and infrastructure services.
Job Description
This position is responsible for ensuring the ongoing security compliance of applications in production, reducing the risk of cyber‑attacks, data breaches, and service disruptions, while safeguarding the confidentiality, integrity, and availability of organizational assets.
The Application Security Analyst will regularly assess application security posture, analyze results from security testing tools (e.g. DAST), drive vulnerability remediation, and contribute to the continuous improvement of application security processes, standards, and procedures.
This role involves close collaboration with development, infrastructure, security, and regional teams to embed strong security practices across the organization.
Key Responsibilities
1\. Vulnerability Identification & Monitoring
* Supervise and review regular vulnerability scans using tools such as Qualys, Bitsight, and similar technologies.
* Monitor threat intelligence sources and security advisories (e.g. CVE databases) to identify emerging vulnerabilities and risks.
* Review security compliance of production applications to ensure adherence to internal and external security standards.
2\. Risk Assessment & Prioritization
* Assess identified vulnerabilities based on severity, exploitability, and business impact.
* Ensure defined prioritization models are followed and clearly communicate risks and impacts when remediation timelines are not met.
* Support stakeholders in understanding vulnerability risk and remediation urgency.
3\. Remediation Coordination
* Work closely with IT, Development, Application Security, Pentest, and Regional Teams to track, remediate, or mitigate vulnerabilities.
* Drive remediation activities through ticketing systems, ensuring timely application of patches, fixes, or compensating controls.
* Actively follow up on open findings and escalate when necessary to meet remediation SLAs and KPIs.
4\. Tracking, Reporting & Governance
* Maintain accurate and up‑to‑date vulnerability data in ticketing and reporting tools (e.g. Jira, ServiceNow).
* Generate regular and ad‑hoc reports and dashboards (KPIs/KRIs) for technical teams, management, and auditors.
* Support compliance with security standards and frameworks such as ISO 27001, NIST, and internal AppSec policies.
5\. Continuous Improvement & Advisory
* Contribute to the definition, review, and upkeep of application security procedures, guidelines, and standards.
* Identify opportunities to improve and automate vulnerability management processes.
* Raise security awareness among IT and development teams (secure coding practices, vulnerability awareness).
* Participate in incident or emergency situations requiring rapid security response and expert support.
* Develop or maintain automation scripts (e.g. PowerShell, Python) to support BAU activities.
Qualifications
* Vulnerability Management & AppSec Tools
  + NexusIQ, Fortify, SonarQube
  + Qualys, AppSpider, Bitsight
* Security Standards & Frameworks
  + OWASP Top 10
  + SSDLC (Secure Software Development Life Cycle)
* Technical Environment
  + Web applications, APIs, infrastructure, client-server, thick clients
* Ticketing & Reporting
  + Jira, ServiceNow
  + Power BI (nice to have)
* DevSecOps principles and practices
* Scripting & automation (PowerShell, Python)
Experience & Qualifications
* Professional Experience
  + Minimum 5 years in Application Security or Cybersecurity.
  + At least 3 years focused on Vulnerability Management.
  + Hands‑on experience in at least two of the following areas:
    - Vulnerability & penetration test report analysis
    - Software development, review, or testing
    - Penetration testing
    - Risk assessment
    - Application or security architecture
* Education
  + Master’s degree in Computer Science, Cybersecurity, or a related field.
* Certifications *(preferred)*
  + CISSP, CEH, Security+, CC or equivalent.
Language Skills
* English: Fluent / Professional proficiency
* French: Basic knowledge (nice to have)
Additional Information
Lisbon or Porto