Vulnerability Management Specialist - Penetration Testing (4-9 yrs)

Job Title : Vulnerability Management Specialist

Primary Skills :

• Nessus Configuration & Migration : Expertise in configuring Nessus and migrating it to Azure.
• Penetration Testing : Hands- on experience with Metasploit for network penetration testing.
• Security Compliance : Strong knowledge of security benchmarks like CIS, NIST, and industry best practices.

• Lead and execute vulnerability assessments using Nessus.
• Perform penetration testing using both manual techniques and automated tools, including runtime vulnerability testing.
• Automate recurring security controls to improve efficiency and expand coverage.
• Conduct risk analysis and identification to prioritize remediation efforts.
• Perform configuration reviews of servers, network devices, databases, and other critical assets.
• Engage with clients to understand security requirements, provide updates, answer queries, and present reports.
• Implement and manage a Vulnerability Management Program (VMaaS) across the enterprise.
• Analyze discovered vulnerabilities and collaborate with stakeholders to develop mitigation plans.
• Develop strategies and technology roadmaps for vulnerability remediation.
• Ensure compliance with minimum baseline security standards aligned with security benchmarks.
• Mentor and lead a team of vulnerability management specialists, fostering skill development.
• Participate in technical discussions with auditors, regulators, and third parties when needed.
• Conduct security audits based on industry hardening benchmarks (CIS, NIST, etc.).

• Strong expertise in Nessus configuration and migration to Azure.
• Hands-on experience in penetration testing, including Metasploit.
• Experience with risk assessment and vulnerability management frameworks.
• In- depth understanding of server/network/database security configurations.
• Strong communication skills to engage with stakeholders and present findings.
• Knowledge of security compliance frameworks (CIS, NIST, ISO 27001).