Work Experience: Minimum 4 to 5 years
Employment Duration: 6 months contract
Vulnerability Assessment: Conduct regular vulnerability scans and assessments on systems, networks, and applications using Qualys, Nessus and Microsoft Defender.
Identify and classify vulnerabilities based on risk levels.
Risk Analysis: Evaluate the potential impact of identified vulnerabilities and perform the quarterly vulnerability scans required by PCI DSS.
Prioritize vulnerabilities based on severity and business context.
Remediation Coordination: Collaborate with IT and security teams to develop and implement remediation plans.
Track the status of remediation efforts and ensure timely closure of vulnerabilities.
Reporting and Documentation: Prepare detailed reports on vulnerability findings, trends, and remediation status for management.
Document processes and procedures for vulnerability management.
Tool Management: Manage and optimize vulnerability scanning tools and technologies.
Evaluate new tools and technologies for potential integration.
Collaboration: Work closely with incident response teams to address vulnerabilities related to security incidents.
Partner with development teams to integrate security into the software development lifecycle (SDLC).
Policy Development: Assist in developing and updating vulnerability management policies and procedures.
Ensure compliance with relevant regulations and standards (e.g., PCI DSS, NIST).
Threat Intelligence: Stay informed about the latest vulnerabilities, exploits, and threat intelligence.
Analyze and incorporate threat data into vulnerability assessments.
Proof of Concept (PoC): Reproduce newly discovered vulnerabilities to confirm scanner findings and reduce the false-positive rate; also carry out proofs of concept for newly introduced tools as project requirements dictate.
Continuous Improvement: Participate in continuous improvement initiatives for the vulnerability management process.
Analyze metrics and feedback to enhance vulnerability management effectiveness.
Required Skills
- Technical Knowledge: Understanding of networking, operating systems, and application security.
- Analytical Skills: Strong ability to assess risks and analyze data.
- Communication Skills: Ability to convey technical information to non-technical stakeholders.
- Certifications: Relevant certifications (e.g., CISSP, OSCP, CEH, or specific vulnerability management certifications) are often preferred.
Qualification
- Bachelor’s Degree: Typically in Computer Science, Information Technology, Cybersecurity, or a related field.
- Certifications: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional)
- Experience: Prior experience in VAPT, IT security, risk management, or a related field is often preferred. Experience with security compliance standards and frameworks (e.g., PCI DSS, NIST, ISO 27001).