Cybersecurity Expert – External Attack Surface Management

About the role

We are looking for a mid‑level Cybersecurity Expert to join our global External Vulnerability Scanning Team, distributed between Paris and Portugal. You will own the monitoring of internet‑exposed assets, steer remediation plans across international banking entities, and manage key SaaS vulnerability and scoring platforms while reporting directly to the Group CISO Board.

Key responsibilities

• Attack Surface Management: act as the primary point of contact for external attack surface monitoring, scanning internet‑exposed assets and identifying perimeter risks.
• Remediation Steering: provide technical analysis, risk impact assessments, and filter false positives to define actionable remediation plans for internal entities.
• SaaS Platform Administration: handle daily administrative tasks such as asset tracking and user account management for edge vulnerability scanning and scoring platforms.
• Vendor & Ticket Management: coordinate with third‑party software vendors to resolve platform bugs and optimize service delivery.
• Executive Reporting: build, analyze, and present comprehensive vulnerability metrics and reports to the Group CISO Board.

Required profile

• Strong understanding of data structures, IT systems, and infrastructure security risks, with exposure to vulnerability management or security ratings.
• Offensive mindset with knowledge of basic hacking techniques and infrastructure audit methodologies.
• Highly proficient in data analysis and visualization using Excel, PowerBI, and SQL.
• Fluent English (mastery level); French is a strong plus.
• Ability to translate complex technical risks for non‑technical leadership.

Required skills

• Hands‑on experience with Qualys and/or BitSight (or similar EASM/Security Rating SaaS solutions).
• Proficiency in Microsoft Excel, PowerBI, and SQL for data manipulation and reporting.
• Familiarity with vulnerability management processes and offensive security concepts.

What we offer

• Exposure to a global banking footprint and direct interaction with the Group CISO Board.
• Clear long‑term growth path toward CSIRT/CERT or offensive security/penetration testing squads.
• Collaboration with diverse security experts across multiple international entities.