Vulnerability Assessment Engineer for NATO with security clearance
Would you like to join the leading international intergovernmental organization?
The Vulnerability Assessment Engineer is a senior technical role responsible for leading and executing complex, on-site CIS Security Audits (Type-3) across NATO and partner facilities. Operating with minimal supervision, the engineer will plan and conduct assessments of networks, systems, and applications, analyze security data, and produce authoritative reports and briefings to drive remediation. The role requires extensive hands-on expertise with enterprise security tools, cloud environments, modern architectures, and a deep understanding of offensive and defensive security principles.
Responsibilities:
Plan and execute technical On-site CIS Security Audits (Type-3) for networks, systems, and applications, and ensure the accuracy of the results;
Analyse collected assessment data and identify security weaknesses;
Write Security Audit reports with findings and appropriate recommendations;
Provide briefings and further information to support remediation and mitigation;
Contribute to development of in-house toolset for data collection and analysis;
Perform other duties as may be required.
Required qualifications and experience:
Proven, in-depth understanding of computer and communications security, enterprise networking, and the vulnerabilities inherent in modern operating systems and applications;
Ability to assess a variety of security controls aligned with industry best practices, including Zero Trust Architecture and Data Centric Security principles;
Expert knowledge in executing vulnerability assessment scans across large, complex networks without impacting system availability or performance;
Demonstrable hands-on experience with Tenable Nessus products, including advanced configuration and customization;
Extensive proficiency in developing and deploying Nessus audit files to enforce compliance checks for operating systems, network devices, and applications;
Thorough understanding of Active Directory security configuration and associated vulnerabilities;
Advanced knowledge of Microsoft Azure AD / Entra ID / Office 365 and AWS Cloud Security, with practical experience in securing hybrid and cloud environments;
Familiarity with DevSecOps practices, embedding security into CI/CD pipelines and cloud-native deployments;
Comprehensive experience in assessing and implementing system hardening measures, antimalware configurations, and endpoint protection strategies;
Ability to benchmark systems against recognized security standards (e.g., CIS Benchmarks, NIST);
Applied expertise in Artificial Intelligence, including the capability to assess Large Language Models (LLMs);
Proficiency in implementing and securing Ansible deployments;
Expertise with Software Defined Networking (SDN) and Service Oriented Architecture (SOA) implementations;
Capability to integrate modern architectures with enterprise security frameworks;
Enhanced skillset in data processing automation using scripting languages (e.g. PowerShell, Python, Bash);
Ability to build repeatable workflows/checklists to improve efficiency and reduce human error;
Excellent communication skills, including briefing senior stakeholders, delivering clear presentations, producing high-quality reports, and mediating technical discussions;
Strong interpersonal abilities with a proven track record of working independently and collaboratively within multidisciplinary teams.
If you've read the description and feel this role is a great match, we'd love to hear from you! Click "Apply for this job" to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.
- Locations
- Mons