**We are currently looking for a** Senior Vulnerability Management Analyst **to join our vulnerability management team in** Bilbao. What will be your mission? **Participate in projects and services related to vulnerability detection and management, with capabilities for analysis and potential exploitation of identified findings. Be able to work in an organized manner and report information concisely and clearly.** What are we looking for? * **Engineering degree, higher or medium-level qualification in computer engineering or related field.** * **5 years of experience in red team services or vulnerability detection and remediation projects.** * **Knowledge of vulnerability exploitation tools (Burp Suite, Metasploit, etc.) and activation of PoCs.** * **Proficiency with vulnerability scanning and management tools such as Tenable, Rapid7 InsightVM/Nexpose, Qualys or similar.** * **Technical analysis of vulnerabilities (applicability, potential impact, likely exploits, false positives, etc.)** * **Knowledge of scripting and automation, definition and achievement of relevant KPIs.** * **Ability to analyze findings, generate technical and functional recommendations, and follow up until resolution.** * **Ability to coordinate remediation plans with multiple teams.** * **Ability to link technical findings with security controls and regulatory requirements.** * **Functional knowledge of regulatory frameworks and standards related to vulnerability management: ISO/IEC 27001, NIST CSF, NIST 800\-40, ENS, CIS Controls.** * **Currently residing in Bilbao and/or nearby areas.** * **English: B2** What challenges and tasks might you encounter in this role? * **Technical analysis of scans, reports, and vulnerability notifications** * **Assessment of public vulnerabilities with impact analysis** * **Dedicated work with a client where you will carry out full vulnerability management** * **Technical review of findings to determine whether they are real detections or false positives** * **Coordination with remediation teams to fix the vulnerability** * **Reporting on vulnerabilities and tracking of services/projects** * **Define, implement, and monitor KPIs** * **Prepare periodic executive reports with trend analysis, residual risks, and goal compliance** * **Workflow optimization** What do we offer? * **Contract type: Full-time permanent contract.** * **Location: Bilbao and/or surrounding areas.** * **Work mode: On\-site** * **Participation in an innovative project, where you can contribute your talent autonomously and dynamically** * **Salary: flexible depending on candidate's experience.** **If you've read this far, you know what to do!** Apply now **Now that I've applied, what's next?** **1️⃣ Application screening \- We will review your profile.** **2️⃣ Phone Screening \- If you pass the first filter, we will have a brief call to gather additional basic information or background details.** **3️⃣ Interviews: Talent Interview \- To get to know you better. Technical Interview \- With the team to assess your knowledge. Optional: A second technical interview if deeper evaluation is needed.** **4️⃣ Final stage: we will request your employment history and/or personal references to verify the provided information.** **We positively value applications from candidates with a disability certificate of 33% or higher, in compliance with current legislation, the General Law on the Rights of Persons with Disabilities and their Social Inclusion (LGD). Likewise, in our aim to reverse the trend in our industry and promote gender balance within our team, we encourage potential female candidates to apply so we can consider as many applications from this gender as possible**