Vulnerability remediation support advisory

Posted: March 30, 2022, 11:07 a.m. - Full Time - India

Job description

The candidate will be support the infrastructure and application-based vulnerability remediation thru remediation guidance and facilitation of vulnerability ticket closure.

Skill Set

2/4 years of experience in handling tickets pertaining to Vulnerability Management solutions

Experience of ITSM, Bug tracking tools etc.

Vulnerability Triage Services & Vulnerability Tracking

Knowledge of ISO 27001 and preferably NIST

Vulnerability Assignment and co-ordination with respective remediation team & other stakeholders to close open tickets

Experience of conducting the Network Vulnerability Assessments & suggesting the remediation strategies is an added advantage

Good knowledge on Vulnerabilities & Threats

Experience in hardening systems as per CIS benchmarks, Vulnerability prioritization techniques & attack surface reduction on windows-based systems.

Good Communication skills. Ability to convey the solutions in effective way to both technical & Non-Technical audiences

Responsibilities

Assist in the Vulnerability Management Remediation triaging and tickets management

Raising the Application Ownersâ٠awareness of the vulnerability mitigation process

Redirecting information on vulnerabilities to the appropriate people

Providing information that is easy to understand by recipients

Handling many vulnerabilities at the same time

Gathering the information required by the remediation plan

Agreeing between stakeholder's vulnerability mitigation actions and dates

Tracking the remediation process till its completion

Improving the effectiveness of communication between Application Owners, - Application Providers and Platform Owners

Handling cases when period of Risk Acceptance has expired

Tracking the remediation history of given application on platform

Periodic reporting

Technology knowledge required

Rapid 7 Vulnerability Management, HCL Appsec, ITSM ( Service Now etc) , Jira etc.

Educational Requirement

Bachelorâٳ Degree, or equivalent work experience, in Computer Science or related field preferred.

Cyber security certifications such as CEH OR Microsoft based certifications is an added advantage

Responsibilities

Conduct cyber-attack simulations as part of the RED team activity

Conduct Vulnerability Assessment and Penetration Testing and configuration review for network, web application , mobile application and thick -client application

Conduct configuration reviews for OS , DB, Firewall, routers, Switches and other security devices/components

Perform manual testing of web applications

Conduct source-code review using automated and manual approaches

Prepare detailed reports

Ensure timely delivery of status updates and final reports to clients

Handle Clients queries

Keep oneself updated on the latest IT Security news ,exploits, hacks

Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks

Essential Skills

Thorough and practical knowledge of OWASP

Hands on experience with popular security tools âӠNessus, Burpsuite, Netsparker, Metasploit, KALI Linux

Working knowledge of manual testing of web applications

Good knowledge of modifying and compiling exploit code

Hands on experience of working on Windows and Linux

Working knowledge of CIS Security benchmarks

Good understanding and knowledge of codes languages

Has practical experience in auditing various OS , DB , Network and Security technologies

Microsoft office Word, Excel, PowerPoint.