Vulnerability Detection Specialist (m/f/d)

q.beyond AG is a leading German IT service provider. Our 1,100 employees with expertise in cloud, SAP, Microsoft, data intelligence, security and software development support our SME customers in their digital transformation.

Design future-proof IT solutions with us as Vulnerability Detection Specialist (m/f/d) at one of our locations:

As a Vulnerability Detection Specialist, you are part of our cybersecurity team and are responsible for the operational implementation and continuous development of our Managed Vulnerability Service. Your focus is on identifying, assessing and prioritising vulnerabilities based on Rapid7 InsightVM and, where appropriate, additional tools.

In addition, you further develop our service from both a technical and process perspective – in particular by integrating it into our ITSM platform (e.g. Ivanti) and by creating automated workflows for risk assessment, ticket creation and communication with customers.

A key part of your role is close collaboration with internal and external stakeholders in the delivery of remediation projects in order to concretely reduce risks arising from vulnerabilities – both in the short term (ad hoc measures) and strategically (e.g. through patch processes, network segmentation or hardening).

• Operation and maintenance of the Rapid7 InsightVM vulnerability management platform as part of our managed service
• Planning, execution and documentation of vulnerability scans in customer environments
• Assessment and prioritisation of vulnerabilities based on CVSS, current threat landscape, exploit availability and business relevance
• Preparation of risk reports and prioritisation recommendations for our customers
• Design, support and management of remediation projects aimed at reducing risk
• Further development of our Managed Vulnerability Service, including service description, metrics and KPIs
• Integration of vulnerability workflows into the central ITSM system (e.g. Ivanti) for automated ticket creation and processing
• Co-design of automations (e.g. ticket processes, escalation rules, reporting) to increase efficiency
• Close collaboration with our Security Operations Center, account managers, penetration testers and GRC team

• Solid knowledge of vulnerability management as well as IT and network security
• Hands-on experience with Rapid7 InsightVM (alternatively InsightAppSec or comparable scanners such as Tenable or Qualys)
• Experience working with IT infrastructures (Windows/Linux, networks, virtualization, cloud platforms)
• Familiarity with CVSS, exploit risk analysis and prioritisation based on the current threat landscape
• Experience working with ITSM systems (e.g. Ivanti, ServiceNow, Jira) and integrating them with security tools
• Ability to create and interpret technical reports and to communicate risks to both technical and non-technical stakeholders
• Experience collaborating with customers or internal stakeholders on the implementation of remediation measures
• C1 level German skills and B2 level English skills

Desirable additional qualifications:

• Knowledge of automating security processes, e.g. via APIs, scripting languages (Python, PowerShell), SOAR approaches
• Experience in developing and operating Managed Security Services
• Initial experience in project management or process consulting in the area of vulnerability management
• Knowledge of related topics such as patch management, threat intelligence or compliance (e.g. ISO 27001, NIS2, BSI IT-Grundschutz)
• Rapid7 certifications (e.g. InsightVM Certified Administrator) are an advantage
• Willingness for continuous learning and active contribution to the further development of the service portfolio