Vulnerability Management Specialist

Be part of progress

Introduction to the job

As a vulnerability management specialist, you are responsible for scheduling, detecting, analyzing, reporting and managing the Emergency Patching Process activities within the company’s technology domains.

Role and responsibilities

Do you like to drive structural improvements and work with a wide range of IT disciplines? Are you passionate about security and do you like the challenge of protecting the IT infrastructure and information assets in one of the most technical developed companies in the world? Then we would like to talk to you!

In this position you will apply your analytical, reasoning & specialized technical security expertise to investigate, isolate and track critical security vulnerabilities in a risk-based manner. You will be reporting upon and performing quality assurance on the vulnerability management processes and procedures. You will interact with stakeholders on different levels in ASML IT, but also within ASML sectors. Your key responsibilities:

• Develop and maintain the patch & vulnerability management policies and standards, and support the development of processes, systems and measurements that enable the organization to manage released patches and assure compliance towards the standards.
• Drive and support the Prio Patching process and coordinate the response upon detected (critical) vulnerabilities.
• Manage, monitor and report upon priority / emergency patching process and compliance against ASML’s patch standard.
• Align upon proposed next steps with stakeholders and monitor and report upon progress of agreed risk mitigation.
• Take a leading position within the Vulnerability Management team, where you will define strategic direction, provide guidance, and support team members—without holding hierarchical responsibility.

Education and experience

To be successful in this position, it is important that you have hands on experience and expertise in vulnerability management at least 4 years or more. Vulnerability Management is active in the area of Cloud & container (must), infrastructure, applications, containers, workplace and API’s (amongst others), so there are different areas to work in depending on your knowledge, experience and interest but this vacancy is mainly focused on Cloud & Container environment. The ideal candidate will have:

• A degree in computer science, information technology, computer engineering or equivalent experience.
• Preferable 4 plus years experience as a security analyst in a large organization.
• Extensive proven experience in vulnerability management in Cloud & Container.
• Knowledge of malware, hacking techniques, cyber threats and security trends.
• Experience in collecting information through research and interviews.
• Experience in Executing Threat and Vulnerability Analysis (TVA) and/or IT Security risk assessments on IT services, network & Cloud infrastructure and (web + mobile) applications.

Skills

You are a team player, self-starting with excellent communication, interpersonal, coordination, and problem-solving skills. You are able to interact with all levels amongst other users, engineers, executives and senior managers. You possess a high level of initiative, accountability, professional diligence and attention to detail as well as:

• Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments.
• Analytical, precise, tenacious, autonomous.
• Capable to digest large amounts of new information quickly and derive key security vulnerabilities.
• Able to hold your own and defend your position in a flexible / changing and demanding environment.
• Ability to mitigate and overcome organizational resistance.
• Experience in convincing and chasing stakeholders in an international environment.
• Excellent English verbal and written communication and presentation skills.

Other Information

ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the dedication of a company that recognizes and rewards extraordinary performance.

• Valid industry certifications such as the Certified Cloud Security Professional (CCSP) and Certified Information Systems Security Professional (CISSP) are a plus.
• Preferable experience and/or knowledge of working with Agile SAFe.
• Experience in vulnerability management in Application, server, network infrastructure, API’s and workplace environment is a plus.
• Command of the Dutch language is a plus; being (already) based and allowed to work in The Netherlands is a must.
• A Certificate of Good Conduct “Verklaring Omtrent het Gedrag (VOG)” is required for this position.

This role is positioned within the Infrastructure Security team within Expertise Security which is part of the Risk & Business Assurance and Security department of ASML Corporate.

This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.