Minimum 5+ years of experience in vulnerability management and infrastructure compliance monitoring.
Experience with vulnerability management platforms (e.g., Tenable.io, Qualys VMDR, Rapid7 InsightVM) and Penetration Testing tools.
Strong experience in monitoring vulnerabilities in Cloud environments, Containers, Kubernetes, security technologies.
Experience in handling enterprise vulnerability assessment and management.
Perform recurring and on-demand scanning of organization systems both on-premises and cloud environments.
Analyze vulnerabilities and threats, determine their potential impact, and recommend strategies for risk prevention.
Generate detailed reports on vulnerabilities, their impact, and the status of remediation efforts. Communicate findings to stakeholders and track remediation.
Engage in vulnerability management program reviews and continuous improvement initiatives, providing input on enhancements to scanning and reporting processes.
- Providing expertise on vulnerability exploitation and mitigation.
- Develop and maintain vulnerability management documentation, including policies, procedures, and playbooks, including creating response plans for critical vulnerabilities.
- Improve existing vulnerability management systems and reporting and provide technical support for vulnerability management projects
Knowledge of vulnerability data management and reporting process automation.
Perform compliance monitoring on Infrastructure estate including but not limited to Server based technologies, networking devices, Databases, Firewalls etc.
Ensure compliance with relevant security standards, policies, and regulations.
In-depth knowledge of information security best practices.
Knowledge of OWASP tools and methodologies.
Knowledge of technical concepts such as cloud computing, automation, networking
Familiar with regulatory & International security frameworks and its compliance
Certification such as OSCP, GPEN, CISSP.
Knowledge of scripting languages such as Perl or Python.
In-depth knowledge of network protocols, operating systems, and common vulnerabilities.
