Security Vulnerability Analyst

Job Description

Stefanini Group is looking for a Security Vulnerability Analyst to complement the technical capabilities of our Security Operations Center (SOC), part of Infrastructure Services (INFRA) Division.

As a Security Vulnerability Analyst, you will act as the technical point of contact for vulnerability management activities. You will independently deliver vulnerability assessment services, support client interactions, and provide actionable risk-based insights while ensuring high-quality service delivery within an MSSP environment.

Job Responsibilities

• Serve as a technical escalation point for client vulnerability management-related issues.
• Perform vulnerability assessment scanning, false positive validation, compliance scanning, and policy configuration using various vulnerability management tools.
• Review security vulnerabilities across multiple technologies and environments to identify high-risk issues affecting business assets.
• Conduct risk, threat, and vulnerability analysis, including understanding exploitation techniques and attack paths.
• Provide clear remediation guidance and assist clients in prioritizing vulnerabilities based on risk and impact.
• Support patch management and remediation tracking activities.
• Integrate, analyze, and communicate vulnerability metrics, trends, and risk posture to clients and internal management.
• Ensure vulnerability management activities comply with defined SLAs, processes, and client requirements.
• Contribute to continuous improvement of vulnerability management processes and reporting.
• Participate in mentoring junior analysts and knowledge-sharing activities.

Job Requirements

Technical skills

• 2-3+ years of hands-on experience in vulnerability management or patch management.
• 3-5 years of experience in IT and/or Cybersecurity roles.
• Experience with vulnerability assessment tools such as Microsoft Defender Vulnerability Assessment, Nessus, Qualys or Rapid7.
• Strong understanding of vulnerability classes and classification schemes (CVE, CVSSv2/v3, CWE, CPE).
• Ability to analyze vulnerabilities and assign meaningful severity and remediation priorities.
• Good technical knowledge of networks, firewalls, operating systems, and enterprise environments.
• Understanding of related security domains (e.g., Incident Response, IAM, Threat Assessment).
• Strong analytical and problem-solving skills.
• Good written and verbal communication skills in English, including client-facing communication.
• Ability to work independently and manage multiple priorities in an MSSP environment.

Professional competencies and necessary qualifications

• Excellent written and verbal communication skills in English.
• Excellent at communicating technical problems and solutions to both technical and non-technical audiences.
• Strong analytical and problem-solving skills.
• Ability to work collaboratively with cross-functional teams.
• Strategic mindset with the ability to think critically and make data-driven decisions.
• High degree of initiative, dependability and ability to work with little supervision.

What's next

It's best to apply today, because job postings can be taken down and we wouldn't want you to miss this opportunity. In case you need further information, just send us a message at recruitmentEMEA@stefanini.com and we'll be happy to assist!

The preceding job description had been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties and responsibilities required of employees assigned to this job.

Diversity & Inclusion

Here at the Stefanini Group, we value plurality and equity, regardless of race, sexual orientation, disability, age, ancestry, religion, gender, and nationality. We understand and encourage the importance of being you!

About Us

We are the Stefanini group, a global tech consulting company of Brazilian origin that believes in the power of people to transform businesses through technology.

We are present in over 40 countries and operate with the purpose of co-creating solutions TOGETHER WITH OUR CLIENTS that accelerate results and improve the experience of people and organizations.

Here, we like to say that technology is not the end, but the means: what really matters are the people who drive it all.

Our mindset is AI First, meaning we invest in cutting-edge technology in everything we do, focusing on results for our clients.

We are a company, A GROUP, that breathes collaboration and offers a dynamic environment where you will learn by doing, grow alongside the team, and have space to contribute with ideas and projects.

More than just talking about digital transformation, we believe in real transformation that starts with people and impacts real businesses.

If you are looking for a place to develop, innovate, and be part of something bigger, the Stefanini Group is your place.

We want to inform you that there are currently scams targeting job seekers by falsely using our company's name, Stefanini. We sincerely apologize for any confusion or inconvenience this may have caused.

Please remember that legitimate job offers from Stefanini will always come through official channels, including direct communication with our trained recruiters. If you receive any unsolicited messages requesting payment or personal information, please disregard them.

If you suspect you've been targeted, please contact us immediately at RecruitmentEMEA@stefanini.com for verification.

Key Points to Remember

• Legitimate job offers only follow interviews conducted with our hiring managers or clients.
• We will never ask for payment at any stage of the recruitment process.

Stay vigilant and feel free to reach out for verification. Your safety and security are our top priorities. Thank you for your understanding and cooperation.

Key skills/competency

• Vulnerability Management
• Risk Analysis
• Threat Assessment
• Security Operations
• Nessus
• Qualys
• Rapid7
• CVSS/CVE
• Network Security
• Client Communication