Vulnerability Management Engineer II - Cybersecurity

Role Proficiency:

Oversee and support the continuous improvement of the vulnerability management program initiatives process technology integration and technical assessment. Enhance technology and/or process to validate inventory of critical infrastructure and applications are in place.

Outcomes:

1. Identification of vulnerabilities in the organization s network and IT infrastructure.
2. Evaluation of risk associated with the vulnerabilities.
3. Vulnerabilities prioritization based on their severity and impact.
4. Responsible for the quality of deliverables of the team.
5. Perform gap analysis of current vulnerability remediation policies and processes versus industry best practices for a healthcare organization to identify opportunities for improvement.
6. Track and ensure remediation of identified vulnerabilities.

Measures of Outcomes:

1. Mean time to remediation
2. Risk score
3. Average vulnerability age
4. Rate of recurrence
5. Total risk remediated/ coverage
6. Average time to action
7. Average Vulnerability Age
8. Internal Vs External Exposure
9. Rate Of Recurrence
10. Total Risk Remediated

Outputs Expected:

Vulnerability Management:

1. Provide reporting and analysis and follow-up.
2. Provide vulnerability analysis and produce reports for management.
3. Own and manage identified threats vulnerabilities to ensure their complete remediation.
4. Configure
   schedule
   and execute vulnerability scans

Continuous Learning
innovation
and optimization:

1. Ensure completion of the learning program suggested by Managers
2. Suggest ideas that will help innovation and optimization of processes
3. Stay on top of the security research community
   to be up to date on current attacks
   campaigns
   and trends to initiate innovative research activities.
4. Perform gap analysis of current vulnerability remediation policies
   and processes versus industry best practices for a healthcare organization to identify opportunities for improvement.
5. Track and ensure remediation of identified vulnerabilities by weekly reports.

Skill Examples:

1. Understanding of attacker behaviors and techniques is required.
2. Threat modeling
3. Proficiency in Vulnerability management tools such as Spotlight Rapid7 Nessus Tenable or Qualys.
4. Strong communication skill
5. Ability to learn and view vulnerabilities with a risk-based lens are required.
6. Strong analytical skills and efficient problem solving
7. Security hardening techniques and hardening standards patching
8. Ability to design and document security operational procedures

Knowledge Examples:

Knowledge Examples

1. Familiarity with basic security concepts in vulnerability management network security systems administration or other areas of technology is required.
2. A strong understanding of the current threat landscape including the latest tactics tools and procedures common malware variants and effective techniques for detecting this malicious activity.
3. Exploit development.
4. Security certifications such as CEH GPEN GSEC CISSP.
5. Bachelors degree in Computer Science Information Technology Cyber Security or related discipline.

Additional Comments:

Mandatory Skills: Qualys Skill to Evaluate: Qualys Experience: 8 to 12 Years Location: Bengaluru Title: Threats Vulnerabilities Operations Engineer About the role: This is a HANDS-ON engineering position for individuals with a passion for Vulnerability Management, managing related tools and supporting business. The role is 70% focused on providing operations support and 30% focused on new projects, enhancements. This is a contractor position based out of the Office in Bengaluru, with opportunity to be converted to full time employee position in 6 months. Hybrid working model is available. Education: A university bachelors degree in Cyber Security or Computer Engineering is a must-have One or more certifications from any of the security education-credentialing institutes like GIAC, SANS Institute is a plus Recruiting Team: The recruiting team works on various security domains like Endpoint Security, Threats Vulnerabilities management, Inventory management, Data Analytics, Cloud Security. Prior Experience: Must-Haves: Minimum experience of 8 years in the field of Threats and Vulnerability management in a corporate environment Hands-on expertise operating, integrating Qualys platforms using the console, scripting and automation frameworks Hands-on expertise programming in Python Hands-on experience analyzing Vulnerability data for both on-prem, cloud and cloud native environments Have a sense of urgency in production issues and be a proactive speaker and listener Preferred: Hands-on experience in programming with networking stack, TCP/IP stack, compute technologies (virtualization, containerization), storage Hands-on experience implementing and integrating security stacks in support of Threats Vulnerabilities management Knowledge of technical design of the security controls (especially in the Windows OS) Day-to-day responsibilities: Manage Qualys console using various modules Make sure client agent coverage is managed at a good level Support business with Qualys and/or Vulnerability Management requests Understand the current state of the technology components in the IT stack ranging from networking, storage, compute (virtualization, containers), applications security mgmt Collaborate with team-mates and understand the threats, vulnerabilities and risks to the enterprise Establish non-production and production environments for testing and hosting the applications Own the end-to-end technical design, unit testing and the maintenance of the hosting environment Adhere to the Scaled Agile Framework methodologies and tools that exists in the environment Participate in daily stand-up sessions of Compliance Security release train and contribute to bi-weekly sprints Learn System Engineering concepts to analyze existing environment and find more efficient ways Identify ways of doing things with full automation, AI and ML which needs knowing/learning the concepts of these technologies. Success Factors: Maintain regular communication with supervisor and continually update needs priorities to the supervisor Critical analytical, problem-solving skills is essential Be able to communicate clearly the message via oral communication and written communication Possess an assertive communication style but maintain a positive relationship with all team members and stakeholders Strong focus on continuous learning and improvement.