Vulnerability & Exposure Management Operator (m/f/d)

  • Location

    Calle Bergara 13
    8002 Barcelona
  • Employment Area

    IT - Security
  • Level

    Experienced professionals
  • Working Model

    Full-time
  • Reference ID

    47248
Join Schwarz IT Barcelona - IT Hub of Europe's Largest Retail Group.
At Schwarz IT Barcelona, we provide high-value IT services for the entire Schwarz Group, which includes Lidl, Kaufland, Schwarz Produktion, PreZero, Schwarz Digits, STACKIT, and XMCyber.
As part of a top 5 global retail company, we serve 6 billion customers through 13,700 stores in 32 countries, supported by over 575,000 employees.
We are looking for open-minded colleagues with a passion for technology who want to find diverse and exciting career opportunities in a dynamic work environment that stands for development and progress.
Elevate your career with us, where development and progress are at the heart of everything we do.

Your Tasks

  • Join our dynamic Vulnerability & Exposure Management Operations team, where we proactively strengthen the organization's security posture. We are a strategic partner dedicated to prioritising, assigning, advising, addressing and monitoring vulnerabilities and exposures in a structured and collaborative way. Our approach is founded on two core principles: robust governance to ensure our processes are consistent and reliable, and unwavering customer centricity to foster strong, collaborative partnerships with technical and business teams.
  • This is a critical operational role where you will not only manage our established vulnerability and exposure management processes and services, but also be at the forefront of expanding our capabilities. You will be directly involved in the operational launch of new and essential services, including assessing, advising on and addressing security misconfigurations (non-CVEs) and web-application-related vulnerabilities and exposures.
  • Manage, maintain and optimize our already established processes and services to prioritise, assign, advise, address and monitor detected vulnerabilities and exposures.
  • Actively work on new services, processes and projects, helping to define action plans and improvements and contributing to their operationalization and automation.
  • Analyze and triage vulnerabilities and exposures, applying risk-based prioritization and environment context using different frameworks like CVSS.
  • Collaborate with asset owners, infrastructure teams, and other relevant stakeholders, providing clear, actionable guidance on secure configuration standards and best practices to facilitate effective remediation activities.
  • Work on the operationalization of the findings detected by our web application scanning tool, working directly with and supporting the development teams on how to resolve web-application-based vulnerabilities and exposures.
  • Develop and maintain remediation guidelines for security misconfigurations (non-CVEs) in different environments (e.g., Active Directory) and for web-application-related vulnerabilities and exposures to ensure consistent and effective risk reduction across multiple environments.
  • Generate and present metrics, reports, and dashboards to communicate the effectiveness of current security and risk posture to stakeholders at all levels.
  • Stay updated on emerging threats, misconfigurations, and best practices for securing enterprise environments.

Your Profile

  • 5–6 years of work experience in Cybersecurity Operations as a Security Analyst, with a focus on Vulnerability and Exposure Management.
  • Strong hands-on experience with vulnerability and exposure management tools (e.g., Tenable, Burp Suite, XM Cyber).
  • Solid understanding of security misconfigurations (non-CVEs) and CVEs, and their remediation techniques.
  • Knowledge of security industry-standard frameworks and methodologies, such as OWASP for web applications and APIs.
  • Knowledge of operating systems (Windows, Linux), networking principles, web application architecture and IAM environments (e.g., Active Directory).
  • Excellent communication and interpersonal skills, with a proven ability to translate complex technical issues for diverse audiences.
  • Proficiency with IT service management or ticketing systems (e.g., Jira, ServiceNow).
  • Fluent English, written and spoken.
  • Good to have: knowledge of security best practices in cloud environments (AWS, Azure, GCP).
  • Good to have: familiarity with identifying and remediating security misconfigurations based on frameworks like CIS Benchmarks.
  • Good to have: basic scripting skills (Python, PowerShell) for task automation or data analysis.
  • Good to have: relevant security certifications (e.g., CISSP, CEH, Security+).
  • Love to work with customers and satisfy their needs
  • Good work quality
  • Task prioritization
  • Independent working ability
  • Ability to document
  • Professional behaviour
  • Capacity for teamwork
  • Self-critical thinking and acting
  • Independence
  • Initiative
  • Willingness to learn
  • Flexibility in the face of change

Your contact

Xavier Coll Porqueres

Recruiter

  • E-Mail: Digits-ES-SIT-HR@mail.schwarz