Job Title:
Information Security Expert - Vulnerability Management & Defensive Analytics
Type:
Full-time, Permanent
Location:
Lachen, Switzerland (onsite)
Responsibilities:
Lead the Vulnerability Management Program: Drive vulnerability discovery, analysis, prioritization, remediation tracking, and reporting across infrastructure and applications.
Defensive Analytics & Threat Detection: Develop and tune detection use cases, threat models, and behavior-based analytics using SIEM, EDR, and other telemetry sources.
Security Posture Improvement: Collaborate with infrastructure, development, and business teams to guide remediation, hardening and risk-reduction efforts.
Threat & Risk Prioritization: Analyze vulnerability data in the context of threat intelligence, exploitability, asset criticality, and business risk.
Automation & Efficiency: Integrate vulnerability data sources and analytics platforms with security automation and orchestration tools.
Leadership & Mentorship: Provide guidance to junior analysts and act as a subject matter expert in defensive cyber operations.
Metrics & Reporting: Define KPIs and produce executive-level dashboards to demonstrate program effectiveness and drive accountability
Qualifications:
University Degree in Information Security, IT or equivalent
3+ years of experience in vulnerability management, preferably in organizations which have manufacturing business operations.
Desirable: Relevant security certifications such as from ISC2, ISACA, CREST CCTIM or CCIM, SANS and Vendor Certifications.
Strong knowledge of vulnerability scanning tools (e.g., Tenable, Qualys, Nexpose) and enterprise remediation workflows.
Familiarity with MITRE ATT&CK framework, CVSS scoring, and threat modeling.
Hands-on experience in scripting or automation (e.g., Python, PowerShell) to streamline detection and analysis tasks.
Strong understanding of Windows, Linux, and network infrastructure vulnerabilities.
Support Multiple environments: Apply vulnerability management and threat analysis skills across diverse and interconnected environments, including corporate IT, Cloud, and Operational Technology (OT), to ensure comprehensive risk visibility.
Framework-Guided Hardening: Experience in using industry security benchmarks (such as CIS or NIST) as a reference to help measure security posture and contribute to the development of hardening standards that align with business risks.
Exposure to cloud security (AWS, Azure), and container security practices.
Proficiency in English and German is required