Threat & Vulnerability Associate
- IN, INDIA
We are looking for Threat & Vulnerability Associates based in India to work on for one of our clients, a multinational corporation that provides IT services, including digital, technology, consulting and operations services.
This person will be responsible to perform assessments to different solutions in corporate and vendor solutions based on need. Some of these measures include but are not limited to, assessing infrastructure devices, awareness training for internal team members, and best practices for stakeholder team.
- Conduct Vulnerability assessment internal and external facing environment for infrastructure and applications using various tools like Qualys/Nessus/R7/NMAP etc.
- In depth understanding of operating system boot and loading sequence and troubleshooting
- Clear understanding of Windows registry, WMI, SCCM/inTune, Windows firewall configuration; clear understanding of Linux/MAC file system
- Clear understanding of scanning – SYN scans, stealth scans and controlled port scans
- In depth understanding of packet capture using Wireshark or TCP dump and analyzing packets for communication and authentication issues
- Understanding of traditional scanner-based scanning and agent-based scanning – difference and pros/cons of each.
- In depth knowledge of Qualys Cloud Agent – installation, license key generation and tagging
- Understanding of agent communication failure and troubleshooting the same based on log messages
- Clear understanding of various authentication methods supported by Windows/Linux/MAC and debugging authentication failure
- Vulnerability remediation recommendation – enable IT/CIS for the remediation technical support; utilize system administration knowledge to overcome patch failure
- Understanding of zero day vulnerabilities and deriving effective compensating controls
- Delivery security advisory to business and project stakeholders to remediate the risk findings, document and track the open risks to closure, and enable the leaders in making risk-based decisions to support our client’ss business needs.
- Review and define security configuration for multi-tier application deployment architectures including perimeter controls, and document the recommendations to address the inherent vulnerabilities and exposures in platforms.
- Lead security assessments by collaborating with cross-functional teams for web/mobile application security testing, infrastructure security scanning, and identity/access SSO integration, legal/data privacy team, etc.
- Advanced Level of English
- Minimum of 6+ years of progressive infrastructure and cybersecurity experience; preferably within a large global organization
- Should have the knowledge to translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors.
- Demonstrate ability to influence decision-making processes at all levels of our client’s team
- Candidates must be able to explain all vulnerabilities and weakness
- Preferably worked for an external client through large corporations may employ in-house teams
- Should have sound knowledge in penetration testing, need analytical and problem-solving skills, as well as excellent judgment and self-motivation
- Bachelor’s Degree in Computer Science, Systems Engineering or related fields
- Certifications (CCNA, CISSP, CSSLP, SANS)
Thursday, October 1, 2020