Welcome to the team: Vulnerability Analyst (m/f/diverse)
Your tasks
- Ensuring organizational compliance with security configurations and best practices across infrastructure and applications;
- Driving vulnerability remediation, patch compliance and system hardening activities;
- Analyzing vulnerability and configuration scan results from relevant tools and platforms;
- Identifying, prioritizing and tracking remediation of vulnerabilities and configuration weaknesses;
- Collaborating with infrastructure and application owners to define and implement remediation plans;
- Following up with stakeholders to ensure timely closure of identified findings;
- Documenting processes, findings and remediation activities in an audit‑ready manner;
- Preparing and maintaining documentation to support internal and external audits;
- Contributing to the continuous improvement of vulnerability and configuration management processes;
- Communicating technical risk and remediation requirements to non‑technical stakeholders in a clear and structured way;
- Supporting the enhancement of the bank’s overall cyber hygiene and reduction of cyber risk.
Your profile
- High knowledge of Vulnerability Management:
- Analyzing vulnerability scan results and driving risk‑based remediation and risk acceptance;
- High knowledge of System Hardening & Configuration Management:
- Evaluating configuration scan results, identifying misconfigurations and improving configuration baselines;
- Good knowledge of Patch Compliance & Patch Management:
- Monitoring patch status, validating SLA compliance and recommending process improvements;
- Good knowledge of Security Standards & Regulatory IT Compliance:
- Applying internal security policies and supporting regulatory and audit requirements;
- Good knowledge of Documentation & Audit Readiness:
- Creating clear, audit‑ready documentation, SOPs and maintaining traceable records;
- Good knowledge of Stakeholder Management & Issue Resolution:
- Collaborating with asset owners and security teams, driving issue resolution and escalating critical topics;
- Good knowledge of Cyber Risk Management & Reporting:
- Translating technical findings into risk‑oriented views and reporting on vulnerability/hygiene KPIs;
- Good knowledge of Tools & Platforms (e.g. JIRA, ServiceNow SecOps):
- Using ticketing and workflow tools, ensuring data quality and supporting workflow/dashboard optimization.
In return, we offer:
- Good work-life balance, including 25 days annual paid leave (increasing with 1 day per year up to 31 in total), flexible working hours, work-from-home and work from abroad opportunities;
- Luxury package of additional health and dental insurance;
- Food vouchers in the amount of EUR 80 monthly;
- 6 additional annual days off for exceptional circumstances
- Employee assistance program for psychological, financial and legal consultations;
- Multisport card;
- Annual contribution of EUR 153.39 net per child for a summer camp/school/kindergarten for children up to age of 15;
- Possibilities for building career-advancing skills by covering training/certification courses and conferences based on individual learning and development needs, access to an online learning platform;
- Opportunities for long-term professional development in a stable, 150-year-old company while contributing to the vision of a new, just starting Digital Technology Center;
- Friendly and supportive multicultural environment, open to new opinions and ideas.
Commerzbank is proud to be an equal opportunity employer, committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to gender, race, color, national origin, religion, gender identity or expression, sexual orientation, genetics, disability, age, or any other characteristics.
Our Benefits
Work internationally; Work-life balance; Health& Dental Insurance; Multisport Card; 25 up to 31 annual paid leave; 6 Exceptional Days Off; Food vouchers; Employee assistance program; Children Summer Camp Contribution; Learning Platforms
The company
Commerzbank is a leading international commercial bank with branches and offices in almost 50 countries. The world is changing, becoming digital, and so are we. We are leaving the traditional bank behind us and we are choosing to move forward as a digital enterprise.
As part of this strategy, Commerzbank continues the expansion of its Digital Technology Center in Sofia, Bulgaria. We need motivated people who will join us on this journey and we are looking for a Vulnerability Analyst in our Cyber Defense and Base Services team.
Cluster Cyber Defense & Base services provides 1. LoD activities within the Commerzbank Cyber Security Organization. In addition, to these operational topics the cluster also develops and operates a variety of security tools which are used by the operational units SOC and Threat Intelligence.
In the Cluster Organization, business analysts, engineers and product owners work together as a team. The agile methods support the team members in performing their functions by facilitating a rapid and flexible response to changing conditions and customer needs through an iterative approach and the continual development of new solutions resulting into better products, higher quality, and more efficient processes.
The team works together to ensure that valuable functionalities are provided to customers and that existing products, processes and services are developed and improved in line with customer needs. To achieve this, the team members organize their own activities, working autonomously and with full accountability. Open communication and feedback are key to adopt a fail-fast approach – recognize mistakes and move forward in the right direction.
Contact
Apply now with your up-to-date CV in English!
Due to the high volume of applications, we contact only the candidates who best match the role requirements. If you do not hear from us within 14 days, please consider that we won't proceed with your application at this stage.