65601 - Threat & Vulnerability Management Engineer - Remote Portugal
TVM Engineer (Vulnerability Management) - Remote Portugal (Office visits at Lisbon Tagus Park when required)
ABOUT THE OPPORTUNITY
Join a well-established international organization with a strong security culture and a mature cybersecurity program. You'll be part of a collaborative, technically driven team where your work directly impacts the company's risk posture at scale. This is a hands-on role with real visibility, where your findings and recommendations reach the right stakeholders and drive meaningful change across a complex technology landscape.
PROJECT & CONTEXT
The organization is strengthening its Threat & Vulnerability Management practice, focusing on continuous risk visibility across infrastructure, applications, and cloud environments. You'll work at the intersection of threat intelligence and remediation strategy — helping reduce the attack surface through structured, risk-based prioritization. The team operates cross-functionally, collaborating closely with infrastructure, application, and security engineering teams to ensure vulnerabilities don't just get found — they get fixed.
WHAT WE'RE LOOKING FOR
- 3+ years of hands-on experience in Threat & Vulnerability Management
- Proficiency in vulnerability scanning tools (e.g. Tenable Nessus, Qualys, or Rapid7 InsightVM)
- Solid understanding of CVE/CVSS scoring and risk-based prioritization frameworks
- Experience working with SIEM platforms and correlating vulnerability data with threat intelligence
- Knowledge of common attack vectors, exploitation techniques, and remediation strategies
- Ability to communicate risk clearly to both technical and non-technical stakeholders
- Fluent in English (written and spoken — required for daily collaboration)
NICE TO HAVE
- Security certifications: CEH, CompTIA Security+, or equivalent
- Familiarity with cloud security posture (AWS, Azure, or GCP)
- Experience with ticketing and remediation tracking (ServiceNow, Jira)
- Exposure to DevSecOps pipelines and container security scanning
- Knowledge of frameworks such as MITRE ATT&CK or NIST