Vulnerability Management Analyst (Hybrid set up)

Are you passionate about cybersecurity and ready to make a real impact in protecting one of the world's leading reinsurance companies? Join Swiss Re's Security Team in Madrid and play a pivotal role in keeping our global infrastructure safe, resilient, and ahead of emerging threats. This is your opportunity to bring your vulnerability management expertise to a collaborative, forward-thinking environment where your work genuinely matters.

About the Role

As a Vulnerability Management Analyst, you will be at the heart of Swiss Re's cyber defence strategy. Working closely with Incident Response, Threat Intelligence, and Engineering teams, you will help identify, prioritise, and remediate vulnerabilities across our complex global landscape. From responding to zero-day threats to refining operational processes, your contributions will directly strengthen Swiss Re's security posture every single day.

Key Responsibilities

• Monitor Swiss Re's attack surface to identify vulnerabilities and faulty internal processes, continuously improving our overall security posture
• Collaborate with the blue team to respond swiftly and effectively to zero-day vulnerabilities and severe threats impacting our system landscape
• Maintain and optimise an end-to-end vulnerability management process, including associated Service Level Indicators and Objectives (SLIs & SLOs)
• Partner with the Vulnerability Management Engineering team on vulnerability identification and the optimisation of scanning tools and technologies
• Analyse how current and emerging vulnerabilities can be exploited within our system landscape and translate findings into actionable insights
• Prioritise vulnerability remediation based on contextual risk ratings, ensuring the most critical risks are addressed first
• Support the development and improvement of vulnerability management processes in collaboration with the Team Lead
• Guide and support IT asset owners through vulnerability remediation activities and risk assessments
• Deliver regular, clear reporting on Swiss Re's security posture to stakeholders across the organisation

About the Team

The Security Team is the focal point for all security activities across Swiss Re. We are responsible for cybersecurity engineering and operations, governance, risk, and compliance defining and continuously advancing the company's security strategy. Within this team, the Vulnerability Management Team's mission is to ensure that Swiss Re's infrastructure components and applications are continuously tested and scanned for all known vulnerabilities and security misconfigurations. We work in close collaboration with red and blue teams to build and maintain continuous resilience against emerging threat actors. We are a passionate, skilled group of professionals who take pride in protecting Swiss Re's global security landscape.

About You

You are a curious and driven cybersecurity professional who thrives in a collaborative, fast-paced environment. You bring a sharp analytical mind, a proactive approach to problem-solving, and the ability to communicate complex security topics clearly and empathetically to a wide range of stakeholders. You are comfortable navigating sophisticated conversations across multiple teams and geographies, and you take ownership of your work with confidence and integrity.

We are looking for candidates who meet these requirements:

• 3+ years of professional experience in vulnerability management, Security Operations (SOC), or Incident Response, with demonstrable hands-on expertise in the vulnerability management domain
• Strong knowledge of corporate IT environments and core security principles, including an in-depth understanding of how vulnerabilities can be identified, exploited, and remediated
• Strong communication skills in English, both verbal and written, with the ability to convey technical findings clearly and concisely to both technical and non-technical audiences
• University degree in Business IT, Computer Science, or a comparable field or equivalent professional experience
• Understanding of application security practices, including SAST, DAST, SCA, container security, and CI/CD practices.

These are additional nice to haves:

• Experience with coding and automation (e.g., Python, PowerShell, APIs) to streamline vulnerability management workflows.

• Proven ability to drive change adoption across cross-functional teams in a large, complex organisation
• Familiarity with threat intelligence frameworks (e.g., MITRE ATT&CK) and their application in vulnerability prioritization
• Experience working in a multinational or matrixed organisation, collaborating across multiple locations and time zones
• Relevant cybersecurity certifications (e.g., CEH, OSCP, CISSP, or similar) are a plus
• Demonstrated passion for staying current with emerging cybersecurity threats, industry trends, and technological advancements, including hands-on exploration of AI and frontier technologies.

For Spain, the base salary range for this position is between 42,000 EUR  and 70,000 EUR for a full-time role.

The specific salary offered considers:

• The requirements, scope, complexity and responsibilities of the role
• The applicant's own profile including education/qualifications, expertise, specialisation, skills and experience

In the situation where you do not meet all the requirements or you significantly exceed these, the offered salary may be below or above the advertised range. In addition to your base salary, you may be eligible for additional rewards and benefits including an attractive performance-based annual bonus.

Our company has a hybrid work model (50:50)  where the expectation is that you will be in the office 2-3 days per week.