
Volkswagen Financial Services
Pentest findings analyst
Porto
May 7, 2026
Full-time
Who is Volkswagen Financial Services?
It's been more than 70 years since Volkswagen Financial Services AG financed the first Volkswagen vehicles in Germany in 1949. A lot has changed since then, but our core goal hasn't: ensuring we meet the mobility needs of the people.
Volkswagen Financial Services today operates in 48 markets through its various subsidiaries, shareholdings, and joint ventures. Volkswagen Financial Services is the largest provider of automotive financial services worldwide.
At VWFS Porto, we are proud to foster a gender-equal workplace, where diversity is celebrated, and every individual is provided with equal opportunities to thrive and succeed.
In this role you will be responsible for:
Penetration testing helps us identify security vulnerabilities early and protect our organization as well as our international subsidiaries against evolving cyber threats.
We are looking for a technically skilled professional with solid experience in penetration testing or application/infrastructure security. The primary responsibility of this role is to review, validate, and assess findings originating from penetration test reports, ensuring technical soundness, plausibility, and alignment with internal security standards.
As a regulated entity in the financial sector, our security practices must comply with strict supervisory requirements. Penetration testing is a mandatory component of several European and national regulations, including EBA, BAIT, DORA, and TIBER-EU.
These frameworks influence the depth, methodology, reporting requirements, and governance of penetration testing activities within a regulated financial environment.
Description of the Service:
- Analyze findings from penetration test reports and assess their technical correctness, severity, and relevance.
- Verify whether findings are reproducible and understandable from a technical perspective.
- Request clarifications from testers or system owners when needed.
- Evaluate proposed remediation approaches for technical plausibility and effectiveness.
- Validate whether implemented fixes sufficiently address the original vulnerability before closure.
- Support stakeholders in interpreting remediation guidance provided by pentesters.
- Advise engineering and operations teams on mitigation and remediation actions.
- Review extension requests for pentest findings (e.g., deadline prolongations) and assess their justification and risk impact.
- Collaborate closely with system owners, pentesters, security operations teams, and risk stakeholders.
- Provide clear feedback on remediation quality.
- Contribute to the continuous improvement of the enterprise-wide penetration testing framework.
- Ensure consistency with internal standards and alignment with BAIT, EBA, DORA, and TIBER requirements.
We believe that the right profile for this role should have / be:
- At least 3 years of hands-on experience in penetration testing, security assessments, red teaming, or secure development.
- Solid understanding of common vulnerability classes (e.g., OWASP Top 10, SANS Top 25).
- Practical, hands‑on experience working with regulatory cybersecurity frameworks applicable to financial institutions, including BAIT, EBA ICT & Security Guidelines, DORA, and TIBER‑EU/TIBER‑DE.
- Ability to technically reproduce findings or validate remediation steps.
- Experience working with security testing reports, ticketing systems (e.g., JIRA), or vulnerability management tools.
- Background in IT security, infrastructure, software engineering, or related fields.
- Strong analytical skills and attention to detail.
- Excellent communication skills for coordinating with technical and non‑technical stakeholders.
- Structured, solution-oriented way of working.
- Relevant security certifications (e.g., OSCP, OSWE, GIAC GPEN/GWAPT) are a plus but not required.
- Fluent in English (at least B2 level); German language skills are a plus.
- Willingness and ability to travel as needed.
What we Offer:
- Long-term contract.
- Competitive package including private health insurance, life insurance and meal allowance (paid by meal card).
- Bonuses and benefits depending on performance.
- Schooling allowance and pension scheme.
- Incredible and unique annual company events.
- Opportunity to work on an international project and be part of a multicultural and multidisciplinary team.
- Solid performance evaluation and career management methodologies.
- Continuous training – technical and behavioral development.