Daily operations and maintenance of vulnerability scanning tools and supporting infrastructure
Register the assets in the scanning tool and perform scanning as per the agreed schedule
Perform Vulnerability Management, including but not limited to: supporting scan tools, implementing vulnerability scans, performing analysis, recommending / tracking mitigations
Analyze results of penetration testing and provide executive reports with recommendations for mitigation
Review and analyze security vulnerability data to identify applicability and false positives; recommend corrective actions for mitigation
Publish reports as per the defined schedule on identified security vulnerabilities as well as the control gaps identified during security control review
Track remediation of vulnerabilities by using agreed-upon action plans and timelines with responsible technology developers and support teams
Assist in metrics development and reporting
Devise methods to automate testing activities and streamline testing processes
Provide oral briefings to leadership and technical staff, as necessary
Support and run vulnerability management scans of the customer systems (using tools like Tenable Nessus, Qualys, etc.)
Plan and agree on the vulnerability schedule with customer stakeholders
You will bring
Solid understanding of security controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
Working knowledge of scanning tools (Nessus, Qualys, IBM AppScan, etc.)
Strong understanding of enterprise, network, system and application level security issues
Understanding of enterprise computing environments and distributed applications, and a strong understanding of TCP/IP networks, along with the available security controls (technical process control) for the respective layers
Experience writing technical reports and executive summaries
The ability to provide support after normal business hours
The ability to work constructively under pressure
Ability to work both in a team as well as individually
Participate in the out-of-hours on-call rotation, providing technical support to the business for incidents