Consultant en ingénierie énergie chez NEO2 sur des projets industriels innovants et durables. Impliqué(e) dans l'intégration technique des systèmes BESS et EMS avec un suivi managérial fort.
About the role
- Lead EASM engineering and validation for vulnerability management at Vanguard. Shape strategies for external attack surface security in a leadership role while promoting risk reduction.
Responsibilities
- Lead EASM validation and engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets).
- Engineer and maintain repeatable validation processes and automation to confirm exploitability and business impact.
- Architect prioritization logic: Partner with VM stakeholder to apply exploitability signals (EPSS, KEV, public exploit availability), asset criticality, and exposure windows to drive risk-based prioritization.
- Engineer attribution and routing workflows: Build logic to deduplicate, attribute, and route findings across inventories, scanner outputs, and historical exceptions.
- Ensure single-threaded tracking and SLA visibility.
- Partner on remediation strategy: Collaborate with stakeholders to design layered fixes, compensating controls, and sustainable hardening patterns for external assets.
- Advance EASM capabilities: Develop tuning logic for discovery seeds and asset correlation. Continuously improve signal fidelity and automate common validation tasks.
- Support VDP oversight: Provide governance for researcher communications, proof-of-fix validation, and SLA adherence.
Requirements
- 7+ years in vulnerability engineering or external attack surface security, with proven leadership in complex environments.
- Hands-on experience with EASM platforms (e.g., Censys, Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery.
- Proficiency in scripting (Python, PowerShell, Bash) for automation and data wrangling; familiarity with SQL for enrichment tasks.
- Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
- Exceptional written and verbal communication—capable of translating technical risk into executive clarity and developer-ready guidance.
- Nice-to-Have experience building prioritization models using EPSS/KEV and attack path concepts.
- Familiarity with SaaS posture signals (SSPM) intersecting with external exposure.
- Certifications such as OSCP, GWAPT, GPEN (or equivalent demonstrable skill); CISSP is a plus.
- Deep expertise in validating advanced issues (authN/Z bypass, SSRF, injection, misconfigurations, cloud/API exposures) and producing actionable PoCs.
Benefits
- Growth pathways into offensive security, vulnerability management, security architecture, or program ownership.
- A technical leadership role helping to shape and influence EASM strategy, automation, and risk reduction across the enterprise.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Verification Engineer for AD/ADAS Cruise responsible for testing advanced driver assistance functionalities. Collaborating with team members on data - driven verification methods and automation in Gothenburg.
Software Engineer developing scalable software for social innovation. Creating impactful solutions in a hybrid environment with a focus on cloud technologies.
Lead the planning department in energy and telecommunications company in Elmshorn. Focus on network design, project management, and team development.
Software Engineer Middleware ensuring application availability at Bancolombia. Managing middleware applications and supporting users with a focus on development best practices.
Software Engineer Middleware at Bancolombia ensuring application availability and integration. Collaborating and managing full lifecycle of middleware applications with a focus on best practices.
Engineer I role providing engineering support for HVAC projects in Kansas City. Involves design, testing, and cross - functional collaboration for innovative HVAC solutions.
Planning & Scheduling Engineer managing road and tunnel projects using Primavera P6. Join Yunex Traffic at the forefront of intelligent mobility solutions.
Vulnerability Management Engineer responsible for prioritizing vulnerabilities and providing remediation guidance at HP. Ensure security of the HP enterprise during the digital transformation.
Test Engineer supporting railway signaling and CBTC projects. Engaging in verification, validation, and testing of railway systems while ensuring compliance with technical and regulatory requirements.