Senior Expert - Vulnerability Management & Defensive Analytics(m/w/x)

# Senior Expert - Vulnerability Management & Defensive Analytics Job ID: 60534 Location: Lachen, CH Job Level: Professionals Job Category: IT Employment Type: Permanent position Career Level: We are seeking a highly skilled and motivated Senior Expert in Vulnerability Management & Defensive Analytics to join our growing Cyber security team. This individual will take ownership of our enterprise vulnerability management program and lead efforts in the development of advanced threat detection and defensive analytics capabilities. You will play a critical role in proactively identifying and mitigating security risks, ensuring the resilience of our global IT systems, and driving cyber maturity across the business. **What's the best thing about working with us?** * You help save lives - Every day is meaningful as we produce life-saving medicines * Family values - Long-term perspective for employees and relationships * Be rewarded with market-related salary and benefits package * You will have a high level of influence where you can make a difference and leave your footprint * Work with skilled and fun colleagues in a relatively informal organization * Skills development - We offer various internal and external employee and leadership trainings, trainee programs and digital solutions **What will you be doing as Senior Expert – Vulnerability Management & Defensive Analytics?** * Lead the Vulnerability Management Program: Drive vulnerability discovery, analysis, prioritization, remediation tracking, and reporting across Octapharma’s infrastructure and applications. * Defensive Analytics & Threat Detection: Develop and tune detection use cases, threat models, and behavior-based analytics using SIEM, EDR, and other telemetry sources. * Security Posture Improvement: Collaborate with infrastructure, development, and business teams to guide remediation, hardening and risk-reduction efforts. * Threat & Risk Prioritization: Analyze vulnerability data in the context of threat intelligence, exploitability, asset criticality, and business risk. * Automation & Efficiency: Integrate vulnerability data sources and analytics platforms with security automation and orchestration tools. * Leadership & Mentorship: Provide guidance to junior analysts and act as a subject matter expert in defensive cyber operations. * Metrics & Reporting: Define KPIs and produce executive-level dashboards to demonstrate program effectiveness and drive accountability **Who are you?** * University Degree in Information Security, IT or equivalent * Desirable: Relevant security certifications such as from ISC2, ISACA, CREST CCTIM or CCIM, SANS and Vendor Certifications. * 8+ years of professional work experience in IT with relevant roles such as systems developer, network engineering and operations, or security engineering. * 3+ years of experience in vulnerability management, preferably in organizations which have manufacturing business operations. * Strong knowledge of vulnerability scanning tools (e.g., Tenable, Qualys, Nexpose) and enterprise remediation workflows. * Familiarity with MITRE ATT&CK framework, CVSS scoring, and threat modeling. * Hands-on experience in scripting or automation (e.g., Python, PowerShell) to streamline detection and analysis tasks. * Strong understanding of Windows, Linux, and network infrastructure vulnerabilities. * Support Multiple environments: Apply vulnerability management and threat analysis skills across diverse and interconnected environments, including corporate IT, Cloud, and Operational Technology (OT), to ensure comprehensive risk visibility. * Framework-Guided Hardening: Experience in using industry security benchmarks (such as CIS or NIST) as a reference to help measure security posture and contribute to the development of hardening standards that align with business risks. * Excellent analytical and communication skills, with the ability to present technical findings to diverse audiences. * Experience in highly regulated industries (e.g., pharmaceutical, healthcare). * Exposure to cloud security (AWS, Azure), and container security practices. **The IT Department** You will report directly to the Group Director Information Security. The Security team is responsible for the design and implementation of Octapharma’s group security strategy and program. As a privately owned company, we benefit from a stable organizational structure and a long-term strategic vision. This allows us to implement a security program that is genuinely focused on generating business value while protecting Octapharma. Within our team, you’ll have the opportunity to engage in hands-on work, collaborate closely with internal IT teams and external partners, and develop strong business acumen through cross-functional initiatives. ***"There isn't a more key role in Cyber that can orchestrate, conduct and derive a positive security effect from our various System Owners across the globe. In this role, the successful candidate can look forward to coaching the best Cyber performance out of teams." - Richard Kearney, Group Director Information Security***