Vulnerability Management - Qualys

About KPMG in India

- Bachelor or college degree in related field or equivalent work experience
- 5 - 8 years of vulnerability assessment and management.
- Able to demonstrate experience, knowledge and skills in utilizing common vulnerability assessment tools and techniques.
- Hands on experiment to perform the vulnerability assessment on all infrastructure assets like windows/Linux servers, firewalls, routers, switches, appliances and software.
- Knowledge of security industry best practices (e.g. OWASP, SANS, NIST, CIS)

.

Implement, operate and manage the vulnerability management program.
Ensure scans are performed according to policies and scan frequencies.
Perform testing and vulnerability assessment using automated (commercial, open source) tools and manual techniques.
Host and database assessment and security configuration review. Perform security configuration analysis for various operating systems (e.g. Unix, MS windows and other network devices)
Network security architecture design review.
Review and analyze security vulnerability data to identify applicability and false positives.
Research and develop testing tools, techniques, and process improvements.
Conduct technical security/risk assessment and information security projects.
Identify and exploit technical vulnerabilities in systems, assess business risks to the technical vulnerabilities and communicate to relevant customers/staff
Administer the vulnerability Response System (VRP), and update it with new vulnerabilities and assign to relevant IT groups for assessment and possible fixes
Coordinate internal and third-party vulnerability assessments. Provide results to the appropriate technical teams and management.
Have a thorough understanding of technological requirements for KPMG systems and provide guidelines to effectively mitigate security risks.
Respond timely to ServiceNow tickets as needed
Keep open lines of communication within the team and collaborate with group members.
Report and escalate risk and key metrics. Effectively communicate security risk identified from assessments or monitoring to ensure appropriate implementation of security controls.
Respond appropriately to cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
Have experience on Risk-Based vulnerability management and prioritization tools like Kenna