Specialist Vulnerability Management @ Alstom

• Take on a new challenge and apply your ethical hacking expertise in a cutting-edge field. Youll work alongside talented, collaborative, and forward-thinking teammates.
• You''ll play a key role in safeguarding our organization''s assets and enhancing our security program. Day-to-day, youll work closely with teams across the business (such as infrastructure, application owners, and third-party vendors), analyze threat intelligence reports, and develop remediation plans, among other impactful responsibilities.
• Youll specifically take care of vulnerability assessments, penetration testing, and implementing Secure SDLC programs, but also contribute to designing and delivering actionable security dashboards.

Well look to you for:

• Tracking new and emerging threats and vulnerabilities, verifying their applicability, and initiating remediation activities as necessary
• Analyzing assessment reports provided by vendors or third parties and resolving them within defined SLAs
• Developing remediation plans by collaborating with infrastructure and application owners
• Providing guidance on patching, configuration settings, and additional security controls
• Defining the scope of assessment activities across internal and partner organizations
• Designing and delivering actionable information security dashboards and metrics
• Creating awareness about good security practices and the benefits of Secure SDLC programs
• Prioritizing vulnerabilities based on risk and driving them to closure using tools like Qualys, Skybox, and SecOps

All about you

We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role:

• Bachelors or Masters degree in Engineering, Technology, or a related field
• 8 years of relevant IT experience
• Professional certifications such as CISSP, CEH, GPEN, or OSCP
• Exposure to threat modeling, systems hardening, and Secure SDLC programs
• Experience in application penetration testing and ethical hacking
• Proficiency with tools like Qualys, Veracode, Nessus, AppScan, and Skybox
• Knowledge of TCP/IP stack, OSI layers, application programming interfaces, middleware, and mobile technologies
• Familiarity with penetration testing methodologies (e.g., OWASP, OSSTMM, PCI DSS)
• Strong analytical skills and the ability to drive innovation and process improvement
• Solid understanding of ITIL process frameworks and experience in creating processes in complex multivendor ecosystems