Threat and Controls Assessment Consultant
ref nr: 197/2/2026/PK/94438
In Antal we have been dealing with recruitment for over 20 years. Thanks to the fact that we operate in 10 specialised divisions, we have an excellent orientation in current industry trends. We precisely determine the specific nature of the job, classifying key skills and necessary qualifications. Our mission is not only to find a candidate whose competences fit the requirements of the given job advertisement, but first and foremost a position which meets the candidate’s expectations. Employment agency registration number: 496.
Work model: Hybrid – presence in the office 6 days per month
Location: Kraków or Warsaw
Rate: 170–190 PLN/hour
Type of cooperation: Contracting (B2B)
Threat and Controls Assessment Senior Analyst
What you will be doing
The Threat and Controls Assessment Senior Analyst will work as part of a global team to perform Threat Modelling activities.
This role reports to the Threats and Controls Assessment Regional Lead and closely collaborates with peers across Penetration Testing, Secure Development, Third Party Security Assessment, as well as Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.
Key Responsibilities:
-
Perform effective threat and control assessments of services within internal, external, and cloud environments.
-
Liaise with Developers, Architects, and other Technical Leads to understand end-to-end services and identify control gaps.
-
Understand business requirements, evaluate potential products/solutions, and provide technical recommendations.
-
Be hands-on with technology and contribute to the design, development, and support of projects with security recommendations.
-
Identify threats across the IT estate, including applications, databases, networks, and other infrastructure components.
-
Engage with other Cybersecurity teams, senior management, and business stakeholders when addressing potential security issues.
-
Contribute to process, procedure, and tool identification/development.
-
Stay up to date with industry trends and best practices.
Good Risk and Controls Understanding
-
Knowledge and exposure to Risk and Control Management.
-
Ability to understand and assess threats, controls, and vulnerabilities, articulating them to both technical and business stakeholders.
-
Industry-recognised cybersecurity certifications (e.g., CISSP, CRISC, CISM, or Cloud Security certifications) are desirable.
Strong Technical Background
-
Proven experience in general security concepts and principles.
-
Hands-on experience with threat modelling and strong technical understanding of vulnerability assessment across diverse enterprise IT assets.
-
Strong understanding of application design and architecture.
-
Knowledge and experience in network, host, and application security practices.
-
Good working knowledge of one or more Cloud Service Providers (AWS, GCP, or Azure).
-
Strong understanding of the Software Development Life Cycle (SDLC) with a focus on security.
-
Experience in continuous improvement and process optimisation.
-
Understanding of emerging technologies and associated security threats.
Strong Stakeholder Management and Communication Skills
-
Experience working in international and diverse environments.
-
Experience engaging with business, technology, regional, and regulatory stakeholders.
-
Ability to effectively translate technical gaps into business risk for key stakeholders.
Benefits:
-
Private medical care
-
Multisport card or access to the MyBenefit cafeteria platform
-
Life insurance
