Dream Big.  Go Beyond. Be Unstoppable.
 

About Us

Kyriba is a global fintech leader empowering CFOs and finance teams with cloud-based treasury, payments, and risk management solutions. We serve 3,000+ customers worldwide, managing $15 trillion in payments annually and helping businesses optimize liquidity performance across the enterprise.

We're on a mission to become the most sought-after cloud technology company globally.  We think big, innovate relentlessly, and challenge the status quo every day. If you are a problem-solver who’s ready to push boundaries and achieve more than you thought possible-you'll find an exceptional career within an extraordinary business.

Location: Warsaw-hybrid

What you’ll do

• Drive vulnerability management outcomes across cloud and enterprise environments: refine scanning scope, coverage, and signal quality to enable measurable risk reduction.

• Prioritize vulnerabilities using risk-based context: correlate CVEs/CVSS/EPSS/KEV with asset criticality and threat intel; translate into actionable remediation plans and SLAs.

• Advance exposure management: integrate signals from endpoint scanning to illuminate exploitability, attack paths, and control gaps—shifting from “findings” to “exposure reduction.”

• Strengthen EASM practices to minimize attack surface exposure across our Internet-facing infrastructure.

• Collaborate and coordinate with global TVM team members and partner teams (Engineering, SRE, Platform) to execute remediation at scale, including orchestrated patching, configuration baselines, and secure configurations across AWS and enterprise systems.

• Mature TVM processes and reporting: co-develop dashboards and executive-ready metrics on risk posture, SLA adherence, mean-time-to-remediate, and exposure trends; contribute to shared playbooks and standards used globally.

• Support validation and response: work with Incident Response to validate high-risk findings, identify exploitation patterns, and advise on rapid compensating controls.

• Maintain and improve documentation, runbooks, and enablement materials that help teams remediate faster and “design out” classes of vulnerabilities.

What you’ll bring

• 5–8+ years in Cybersecurity with hands-on experience in vulnerability assessment and remediation across cloud (AWS) and enterprise environments.

• Strong expertise with enterprise vulnerability management and exposure reduction, including building prioritized, risk-based remediation backlogs and SLAs.

• Practical knowledge of OS, network, and web application vulnerabilities, with realistic remediation paths and compensating controls.

• Experience with: a leading vulnerability scanning/management platform for endpoint and server TVM (e.g., CrowdStrike Exposure Management, Tenable, Qualys, Rapid7) including enrichment/validation of findings; analytics and reporting solutions for event correlation and operational dashboards (e.g., Splunk, Microsoft Sentinel, ELK, Google Chronicle; asset inventory and context enrichment tooling (e.g., Axonius, ServiceNow CMDB/Discovery, JupiterOne); major cloud provider security services supporting tagging and automation (e.g., AWS, Azure, GCP); and ticketing/work management systems for workflow and SLA tracking (e.g., Jira Service Management, ServiceNow ITSM/SecOps).

• Ability to validate findings, reduce false positives, and reproduce exploit paths to guide urgency and business risk framing.

• Scripting/automation skills (Python, Bash, or PowerShell) for data collection, correlation, reporting, and workflow automation in TVM/EM programs.

• Excellent communication and stakeholder skills; adept at coordinating across time zones with global teammates and briefing executives succinctly.

Nice to have

• CNAPP or cloud exposure management experience (e.g., Wiz/Prisma Cloud/Defender for Cloud) and familiarity with consuming IaC/policy-as-code scanning outputs.

• Familiarity with software supply chain risk concepts (SBOMs/attestation) for coordination and risk context.

• Certifications such as CISSP, GCSA, GMON, GCIH, GCIA, GPEN, or cloud security certs.

Impact and growth

• Collaborate with a global, high-caliber TVM function to reduce exploitable risk for a cloud-native SaaS platform.

• Influence security-by-design and remediation guardrails relevant to TVM and exposure reduction.

• Ongoing learning, certifications, and conference sponsorship aligned to your development plan.

Our Values Guide Everything We Do

• Think Big & Constantly Innovate: We have the confidence to think big, embrace change, challenge the status quo, and continuously evolve - incorporating new technologies and driving industry progress.

• Put our Customers’ Needs First: We are passionate about delivering the highest value for our customers and supporting them with end-to-end care throughout their journey with us.

• Act with Integrity: Integrity is at the heart of everything we do. We take personal responsibility for our actions, own our decisions, and honour each other’s contributions. We empower each other through honesty, respect, trust and transparency.

• Work as One Team: We are driven by our common goals and share in each other’s successes and failures, learning and working together as a team where everyone can bring their best selves.

• Strive for Excellence while Having Fun: We enjoy tackling new challenges together, and revel in continuous improvement as we deliver, with ultimate professionalism, the very best for our customers, while exceeding our own expectations.

Kyriba offers a comprehensive compensation package, including a range of health, welfare and wellbeing benefits designed to support both your professional and personal life.

Kyriba believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship, and genetic information.

If you require a reasonable accommodation to complete any part of the application or interview process, or to perform essential job functions, please contact us at [email protected]. Requests will be handled confidentially and in accordance with applicable local laws.