Senior Cybersecurity & Vulnerability Specialist

Do you know askblue?

We were born in 2013, and we provide services in the field of information technology.

We are looking for a Senior Cybersecurity & Vulnerability Specialist to join our company, in one of our projects, in the construction, mobility and industrial sectors, located in Lisbon. We are seeking expertise in Senior Cybersecurity & Vulnerability Specialist to operationalize the Information Systems Security Policy (ISSP). The focus will be on enabling the Project Security Assessment Tool (PSAT) process and managing vulnerabilities within our data and analytics ecosystem. The goal is to establish secure-by-design practices and support teams in applying security requirements effectively. This initiative will drive remediation efforts in alignment with the Group IT strategy and compliance standards. Collaboration with application owners, infrastructure teams, and project leads is essential to embed ISSP controls into daily operations. Additionally, promote awareness and training to ensure widespread adoption of ISSP principles.

Tasks:

• ISSP Implementation & Enablement:
  • Translate ISSP principles into actionable practices across data and analytics environments.
  • Collaborate with application owners, infrastructure teams, and project leads to embed ISSP controls into daily operations.
  • Support the rollout of ISSP-aligned tools, templates, and dashboards.
  • Contribute to awareness campaigns and training to promote ISSP adoption.
  • Monitor implementation progress and identify areas requiring additional support or clarification.
• PSAT Enablement:
  • Guide project teams through the PSAT lifecycle, from initiation to validation.
  • Support the completion of the Security Interview and ensure accurate classification of project criticality.
  • Coordinate with Security Officers (SO) to review responses and define applicable requirements.
  • Facilitate compliance checks and ensure readiness for Go Build / Go Live milestones.
  • Promote reuse of validated PSATs and ensure versioning is properly managed for evolving applications.
• Vulnerability Lifecycle Management:
  • Monitor and assess vulnerabilities using Saint-Gobain’s security tooling (e.g., scanners, SAST, SCA).
  • Prioritize vulnerabilities based on severity and business impact, ensuring remediation within SLA.
  • Maintain a knowledge base of remediation strategies and lessons learned.
  • Continuously improve detection and assessment processes in collaboration with security and development teams.
• Remediation Support & Governance:
  • Assist application managers in interpreting vulnerability reports and defining remediation plans.
  • Coordinate remediation efforts or risk acceptance processes, escalating non-compliance when necessary.
  • Provide technical guidance during patching and mitigation activities.
  • Participate in AppSec governance forums to align on priorities and share updates.
• Security Compliance & Continuous Improvement:
  • Contribute to audits, reporting, and improvement plans to ensure ongoing compliance with ISSP and Group IT standards.
  • Support the integration of ISSP and vulnerability management into secure software development practices.
  • Collaborate with cybersecurity, compliance, and IT stakeholders to align on risk posture and remediation strategies.

Requirements:

• Proven experience in cybersecurity, particularly in data & analytics or cloud-native environments.
• Strong understanding of cybersecurity frameworks and policies, especially the Information Systems Security Policy (ISSP) or equivalent.
• Proficiency in vulnerability management tools and processes, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), and security scanners.
• Experience in monitoring, assessing, and prioritizing vulnerabilities based on severity and business impact.
• Solid understanding of IT infrastructure, Azure cloud platforms, and networking concepts.
• Familiarity with secure software development practices and integration of security into the development lifecycle.
• Experience supporting or enabling security governance processes, such as the Project Security Assessment Tool (PSAT).
• Ability to lead cross-functional initiatives and collaborate effectively with both technical and business stakeholders.
• Strong communication skills to translate complex security concepts into actionable practices for diverse teams.
• Experience in conducting awareness campaigns and training sessions to promote security policy adoption.
• Ability to analyze vulnerability reports, define remediation plans, and provide technical guidance during patching and mitigation activities.
• Continuous improvement mindset to enhance detection and assessment processes.
• Familiarity with compliance standards and experience contributing to audits and reporting to ensure ongoing adherence to ISSP and Group IT standards.
• Fluent in English; proficiency in French is a plus.

Work Arrangement:

• Hybrid (Twice a week in the office).

Offer:

• Health Insurance;
• 3 and a half days of leave per year + 22 vacation days;
• Unlimited access to Udemy.

If you are interested in the opportunity, upload your C.V. or send it to vasco.filipe@askblue.com with the reference #16727461 in the subject.

askblue – where business meets technology