We are growing. And we are looking for talented people.
At Decskill, we believe that technological excellence is driven by human talent.
We are an IT consulting company with more than 10 years of consolidated experience in the market, focused on building long-term relationships with both our clients and our people. Today, we are a community of over 800 professionals, working from Lisbon, Porto, and Madrid, contributing to impactful technology initiatives.
As part of the Astek Group, we combine a strong local culture with a global presence, being active in around 23 countries across 4 continents. This allows us to offer an international context, diverse challenges, and long-term career opportunities, while staying close to our teams.
We would like to meet an Application Security Analyst & Vulnerability & Management!
Responsibilities:
- Vulnerability Identification.
- Supervising the execution of regular scans (using tools like Qualys, Bitsight...) to detect vulnerabilities in software, hardware, and configurations.
- Monitoring threat intelligence feeds and security advisories (e.g., CVE databases) for emerging vulnerabilities.
- Risk Assessment & Prioritization.
- Evaluating vulnerabilities based on severity (e.g., scores), exploitability, and potential impact.
- Ensuring that prioritization is followed and understanding the impacts when it is not.
- Remediation Coordination:
- Collaborating with IT, development, and security teams (Pentest, Application Security, Regional teams) to follow up on ticket stock to patch or mitigate vulnerabilities.
- Ensuring timely application of security updates and workarounds.
- Follow-up and tracking of findings/reporting tools:
- Ensure accurate and up-to-date data on relevant ticketing and reporting tools (e.g., Jira).
- Active follow-up and review of findings through relevant tools in a timely manner, engaging stakeholders in the remediation process. This includes triggering necessary escalations when needed to keep the stakeholders and management aware.
- The Application Security analyst must be mindful of the remediation timescales defined by AppSec and relevant policies/procedures, and is therefore expected to act/react in a timely fashion, ensuring remediation KPI/KRI/SLA.
- Take part in periodic/on-demand conversations and, where necessary, emergency situations, acting swiftly, sharing expertise and supporting the vulnerability and noncompliance management process.
- Reporting & Compliance.
- Generating reports and KPIs for stakeholders (e.g., executives, auditors) on vulnerability status and progress of remediation.
- Ensuring compliance with standards (e.g., ISO 27001, NIST, …).
- Continuous Improvement
- Refining vulnerability management processes based on lessons learned and evolving threats.
- Raising awareness among IT teams of secure coding practices and vulnerabilities.
- Work on automation scripts to support BAU activity, using PowerShell, Python, …ocess.
Requirements:
- Vulnerability Management Tools (e.g., NexusIQ, Fortify, SonarQube)
- OWASP experience.
- Application Security Testing tool (e.g., Qualys, AppSpider, Bitsight) experience.
- Technology stack (web-app, infra, API, thick client, client-server) experience.
- Ticketing Systems (JIRA, ServiceNow) experience.
- Organizational skills
- Ability to collaborate / teamwork across multiple geographical locations
- Decision making.
- Analytical ability / Critical thinking / Attention to detail & Rigour
- Autonomy.
- Fluency in English.
Are you looking for an environment that values curiosity and commitment? Here, your contribution has real impact and individual growth is taken seriously.
Find with us the right opportunity to grow!
What you can expect from us:
- Long-term projects with national and international context (if applicable)
- Opportunities to grow technically and professionally
- A people-first culture, focused on transparency and trust
- Teams that value ownership, collaboration and stability.
Join us! Send us your CV in English to with reference “CA/Vulnerability&Management”.
Your next challenge might start here.
Thank You! :)
Decskill is committed to equality and non-discrimination with all our talents. We recruit and promote talent, based on diversity and inclusion, regardless of age, gender, ethnicity, race, nationality or any other form of discrimination incompatible with the dignity of the human being.