Vulnerability remediation support advisoryPosted: March 30, 2022, 11:07 a.m. - Full Time - India
The candidate will be support the infrastructure and application-based vulnerability remediation thru remediation guidance and facilitation of vulnerability ticket closure.
2/4 years of experience in handling tickets pertaining to Vulnerability Management solutions
Experience of ITSM, Bug tracking tools etc.
Vulnerability Triage Services & Vulnerability Tracking
Knowledge of ISO 27001 and preferably NIST
Vulnerability Assignment and co-ordination with respective remediation team & other stakeholders to close open tickets
Experience of conducting the Network Vulnerability Assessments & suggesting the remediation strategies is an added advantage
Good knowledge on Vulnerabilities & Threats
Experience in hardening systems as per CIS benchmarks, Vulnerability prioritization techniques & attack surface reduction on windows-based systems.
Good Communication skills. Ability to convey the solutions in effective way to both technical & Non-Technical audiences
Assist in the Vulnerability Management Remediation triaging and tickets management
Raising the Application Ownersâ٠awareness of the vulnerability mitigation process
Redirecting information on vulnerabilities to the appropriate people
Providing information that is easy to understand by recipients
Handling many vulnerabilities at the same time
Gathering the information required by the remediation plan
Agreeing between stakeholder's vulnerability mitigation actions and dates
Tracking the remediation process till its completion
Improving the effectiveness of communication between Application Owners, - Application Providers and Platform Owners
Handling cases when period of Risk Acceptance has expired
Tracking the remediation history of given application on platform
Technology knowledge required
Rapid 7 Vulnerability Management, HCL Appsec, ITSM ( Service Now etc) , Jira etc.
Bachelorâٳ Degree, or equivalent work experience, in Computer Science or related field preferred.
Cyber security certifications such as CEH OR Microsoft based certifications is an added advantage
Conduct cyber-attack simulations as part of the RED team activity
Conduct Vulnerability Assessment and Penetration Testing and configuration review for network, web application , mobile application and thick -client application
Conduct configuration reviews for OS , DB, Firewall, routers, Switches and other security devices/components
Perform manual testing of web applications
Conduct source-code review using automated and manual approaches
Prepare detailed reports
Ensure timely delivery of status updates and final reports to clients
Handle Clients queries
Keep oneself updated on the latest IT Security news ,exploits, hacks
Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks
Thorough and practical knowledge of OWASP
Hands on experience with popular security tools âӠNessus, Burpsuite, Netsparker, Metasploit, KALI Linux
Working knowledge of manual testing of web applications
Good knowledge of modifying and compiling exploit code
Hands on experience of working on Windows and Linux
Working knowledge of CIS Security benchmarks
Good understanding and knowledge of codes languages
Has practical experience in auditing various OS , DB , Network and Security technologies
Microsoft office Word, Excel, PowerPoint.