Threat & Vulnerability Manager
- IN, INDIA
We are looking for a Threat & Vulnerability Manager based in India to work for one of our clients, a multinational corporation that provides IT services, including digital, technology, consulting and operations services.
This person will be responsible to perform assessment to different solutions in corporate and vendor solution based on need. Some of these measures include, but are not limited to, assessing infrastructure devices, awareness training for internal team members, and best practices for stakeholder team.
- Conduct Vulnerability assessment internal and external facing environment as per organization requirement
- Update process and procedure document to enable effective Vulnerability management program
- Responsible to protect data based on the client’s requirements towards compliance, vulnerability assessment, and application security requirements
- Find security vulnerabilities in target systems, networks, and applications in order to help organization to improve their existing security controls and mechanisms
- Integrating security tools, standards and processes into the product life cycle (PLC).
- Supporting the incident response and architecture review processes whenever security expertise is needed
- Reduce risk posture of the environment by conducting regular security gap analysis
- Engage with 3 rd party for the annual or half yearly penetration testing
- Guide the IT/CIS for the remediation technical support
- Alert the customer based on the zero day, malware or malicious advisory released
- Ensure the governance of Threat and vulnerability management program
- Delivery security advisory to business and project stakeholders to remediate the risk findings, document and track the open risks to closure, and enable the leaders in making risk-based decisions to support our client’s business needs
- Review and define security configuration for multi-tier application deployment architectures including perimeter controls, and document the recommendations to address the inherent vulnerabilities and exposures in platforms
- Lead security assessments by collaborating with cross-functional teams for web/mobile application security testing, infrastructure security scanning, and identity/access SSO integration and legal/data privacy team
- Advanced Level of English
- Minimum of 9+ years of progressive infrastructure and cyber security experience; preferably within a large global organization. Exposure to any two security areas is mandatory– Infrastructure security, cloud/virtualization security and mobile security
- Should have knowledge to translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors
- Demonstrate ability to influence decision-making processes at all levels of our client’s team
- Candidates must be able to explain all vulnerabilities and weakness
- Should have sound knowledge in penetration testing, need analytical and problem-solving skills, as well as excellent judgment and self-motivation.
- The ideal candidate should be a good teamplayer, keen learner and commitment to the security industry
- Producing metrics reporting the state of security programs to management periodically
- Having business acumen, communication skills, and process-oriented thinking
- Bachelor’s Degree in Computer Science, Systems Engineering or related fields
- Certifications: CISSP/CISA/GIAC, product/vendor certifications
- Preferably worked for an external client through large corporations may employ in-house teams
Tuesday, September 29, 2020