Job Description

JOB DESCRIPTION Role Proficiency: Under supervision of Team Lead / senior team members detect evaluate communicate and track security vulnerabilities. Leverage available security scanning and assessment tools to prevent emerging threats. Outcomes: Under supervision of the Team Lead / senior team members perform vulnerability assessment scans using the VM tools like Qualys. Identify vulnerabilities evaluate the reports and monitor or oversee the mitigation efforts. Configure the scheduled scans and interpret the assessment results along with the management of the asset. Assess the configuration and vulnerability of databases Leverage the available security scanning and assessment tools to detect evaluate and prioritise critical security flaws Perform asset discovery scans and configure scheduled scans on the assets. Monitor and ensure unerring scans. Extend support to junior team members in performance of day to day operations. Under supervision communicate and escalate identified vulnerabilities etc. per defined process. Adhere to defined processes including housekeeping tasks. Adhere to the Information Security policies as defined by the company and customer. Measures of Outcomes: On-time delivery of scan reports Accuracy of risk assessment and prioritisation Customer satisfaction with service Quality of service (percent of major vulnerabilities missed incorrectly classified) Adherence to process Outputs Expected: Vulnerability Scanning : Perform asset discovery and vulnerability scans and categorize by tagging the assets. Cater to the ad-hoc scan requests for the various assets in the infrastructure. Perform network scans on endpoints using tools like Qualys Nessus etc Configure and manage various asset groups asset tags and scanning profiles Vulnerability Assessment: Analyse the scan results by correlating the data with a set of known vulnerabilities providing clear concise interpretations Assess and prioritize risks related to vulnerabilities Under close supervision of the lead remediate security vulnerabilities within scope Reporting and Communication: Provide timely and accurate information to senior analysts in both written and verbal communications. Ensure that reports are accurate and complete. Track all vulnerabilities using ticketing systems through closure. Document the remediation tasks. Coordinate with relevant teams to ensure the mitigation of vulnerabilities Communicate and escalate per defined process Continuous Learning Innovation and optimization: Ensure completion of learning program suggested by Managers Suggest ideas that will help innovation and optimization of processes Assist junior team members whenever possible. Skill Examples: Fair skills in use of VM scanners and tools like Qualys Nessus etc. the ability to administer the tools under supervision. Excellent logical problem-solving ability and analytical skills to assess vulnerabilities and prioritizing etc. Ability to adapt to new technologies and tools especially in the Vulnerability Management and Assessment space. Good written and verbal communication skills. Continually learn new technology and stay updated on vulnerabilities / cyber threats etc. Ability to work in rotating shifts and be on-call outside of shift hours on a regular and recurring basis. Possess unimpeachable personal and professional integrity. Individuals will be required to submit to a background check Knowledge Examples: 1 to 3 Years experience as VM Analyst in a global organization. IT Infrastructure experience in Networks Servers and Firewall SOC Experience. University Degree in Cyber Security (no back papers) / Bachelor\'s in Engineering or Science. Training with demonstrable knowledge in the basics of Cyber Security Sound understanding of vulnerability scanning process. Sound understanding of Security Vulnerabilities Vulnerability Management Assessment Scanning Sound comprehension of enterprise IT Infrastructure including Networks OS Databases Web Applications etc. Basic knowledge of TCP/IP and Network Security Protocols. Awareness of ISMS principles and guidelines. Relevant frameworks (e.g. ISO27001) Desirable - Training or Certification in relevant areas like Vulnerability Management VM tools like Qualys Nessus Ethical Hacking Network Security etc Additional Comments: The primary purpose of this role is to support the ongoing initiative on Vulnerabilities management, GitHub code scanning and remediation and Service IDs management thru CyberArk. This a key role for designing and implementing enhancements to the tools and processes based on security best practices, service escalations, and requested improvements. This position will be offshore and required to work during UST (Central Time) from UST Development centre. This position will report to the Project Manager and Program Administrator. . This role is a consultant role that needs to communicate with the client\'s technical resources hence require in-depth understanding of the [Sadineni, Rahul] Application security and technologies. . Candidate must have working experience on the software vulnerabilities and their remediation process and must be able to communicate with stakeholders on this subject to prioritize them for remediation. . Candidate must have good understanding with the version control and source code management tools like GitHub and its configuration. Required to communicate with stakeholders to remediate the identified secrets in the code. . Candidate must have exposure and experience working on any Privilege Access Management (PAM) tool. Client uses CyberArk. Experience of working with CyberArk will be good but not must. Must be willing to learn working with CyberArk. . Candidate must understand the concept of various user/system/service accounts application might have and must collaborate with the stakeholders to migrate them to CyberArk according to security policies. . Candidate must be able to advocate best practices in securing the middleware systems to support SOC II/HITRUST audit framework. . Candidate must have hands-on experience in scripting in any scripting language that will help building some automation tool to use. . Candidate must have working knowledge on PowerBI to create Dashboards for reporting. . Exposure and knowledge about Enterprise tool, Brinqa and the scanning tool Nessus is plus.

foundit