You should be good at performing vulnerability assessments and articulating the findings to asset owners in an easily consumable manner, so good reporting skills are expected as well.
Execute the Vulnerability Management (VM) Plan to coordinate, monitor and support activities in the areas of the VM program, security patching, configuration management and attack surface management
Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to Endpoints, Servers, Databases, IoT, and Network devices (on premise and over cloud)
Provide status reports to VM Service owner and other stakeholders related to VM metrics, key risk indicators, trending, and compliance
Propose VM concepts/solutions, prepare presentations, and coordinate vendor demonstrations
Create and maintain SOPs for the Vulnerability Management program
Analyse security assessment results and threat feeds to properly react to security weaknesses or vulnerabilities
Collaborate on Information Security policies, standards, and baselines and contribute efforts to measure compliance
Support Automation of Vulnerability Management program and thereby achieve efficiency and effectiveness
Configuration and maintenance of regular and ad-hoc vulnerability scans against internal and external IT infrastructure including Cloud
Planning and coordination of Penetration testing activities for internally/externally facing applications and internal IT infrastructure.
Collaboration with service owners and cross-functional stakeholders related to vulnerability assessment and penetration testing.
Experience in analysing, reporting on and maintaining oversight of Risk Treatment actions, Root Cause Reviews, and other remediation activities
Implementation and operation of Nessus or similar Vulnerability scanning tool at an enterprise level
Should have 7-10 years of experience in Vulnerability Management, especially in attack surface management
Preferably in the field of Computer Science/ Computer Application/ Information or Technology/ Electronic & Communication Engineering.
Solid understanding of the Windows platform, Active Directory, and networking protocols
Thorough knowledge of the CVSS risk rating
Exposure to vulnerability scanning tools such as Tenable and ASM tools, i.e. SecurityScorecard, Bitsight and CyCognito
Knowledge of scripting (e.g. PowerShell) to write automation scripts & PoCs
Sound knowledge of ITIL standards
Working experience with an ITSM tool such as ServiceNow
Security certifications, especially around AWS / Azure Security, are a plus
Experience working successfully within a complex matrix structured organization is essential
Experience in bug bounty hunting with well-known bug bounty platforms / vulnerability disclosure programs is a plus