Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

Add office photos

Employer? Claim Account for FREE

Black Duck Software

Compare

4.0

based on 4 Reviews

16 Black Duck Software Jobs

Infrastructure & Vulnerability Management Engineer, Sr Staff

Black Duck Software

4.0

based on 4 Reviews

7-9 years

Bangalore / Bengaluru

1 vacancy

Infrastructure & Vulnerability Management Engineer, Sr Staff

Black Duck Software

posted 3mon ago

Job Role Insights

Flexible timing

Key skills for the job

Computer Science Python Linux Administration Penetration Testing Windows System Administration Information Security

+ 4 more

Job Description

The Black Duck Cybersecurity team is seeking a passionate, experienced, and collaborative practitioner to be a key member of our security operations team.

The Sr Staff Infrastructure & Vulnerability Management Engineer is responsible for identifying, assessing, and mitigating security vulnerabilities in IT infrastructure, networks, endpoints, and cloud systems using a variety of security tooling at their disposal. The position works collaboratively with security engineers and other IT and security professionals to implement security measures and evaluate the performance of those measures to ensure compliance with policies, regulations, and contracts. They monitor threats, trends, and attack patterns, and partner with security operations center analysts and business stakeholders to provide input for the creation of relevant, actionable security content representations.

Key Responsibilities

Conduct vulnerability assessments and penetration testing to identify security weaknesses in networks and network nodes, including cloud-based assets
Develop, implement, and maintain a vulnerability management program to prevent, identify, and mitigate security risks; manage tooling designed to discover, protect, and defend assets
Identify and prioritize vulnerabilities based on severity and potential impact to business revenue
Collaborate with other IT and security professionals to implement security measures and ensure compliance with security policies, regulations and contracts
Monitor and track vulnerabilities and provide actional remediation recommendations to asset owners
Conduct risk assessments to identify potential security threats and vulnerabilities
Guide research, mentor junior staff, and keep current on the latest emerging threats, attack patterns, and adversaries
Partner with stakeholders to drive improvements in technology adoption and security governance
Works collaboratively on threat intelligence-gathering activities and conducting hypothesis-driven threat-hunting activities

Collaborate with cross-functional teams to provide threat intelligence insights and recommendations

Qualifications

Strong written and verbal communication skills; ability to establish and maintain strong working relationships with team members and other functional groups
Possesses knowledge of a variety of threats, malicious actor personas, attack patterns, exploits, and common vulnerabilities
Understands the MITRE ATT&CK Frameworks, Cyber Kill Chain, and Diamond Model concepts
Demonstrates an understanding of current and emerging security threats
Prior experience with threat-hunting activities
Prior experience as an incident responder, security operations analyst, or security engineer
Understanding of common attack patterns and Indicators of Compromise (IoCs) across Windows, MacOS, and Linux-based operating systems
Experience creating scripts using Python or similar languages
Experience with developing and refining network signatures to enhance detection capabilities and improve the identification of evolving cyber threats and vulnerabilities
Experience in drafting technical reports summarizing forensic findings a plus
Familiarity with intrusion detection system (IDS) alerts a plus
Familiar with security tooling such as Qualys, Tenable, Rapid7, Metasploit, Nmap,
Splunk, LogRhythm, CrowdStrike Falcon, and M365 E5 security stack
Must be familiar with the operation of firewalls, intrusion detection systems, and antivirus software.
Experience with advanced digital forensics tools and methodologies to investigate security breaches, including malware analysis, network intrusion detection a plus
Experience in conducting digital forensics investigations by analyzing data from network data acquisition kits and other artifacts to identify indicators of compromise a plus
7+ years in an incident response role or working in or with a security operations center
5+ years of experience in evaluating, deploying, and managing endpoint, network, and cloud security tooling
Bachelor s degree in information security, computer science, or a related field or equivalent combination of education, training, and experience
Holds or is willing to obtain job-related security certifications