Vulnerability Intelligence & ASM Analyst

Trigent Software Private Limited

Job Location:

Mumbai - India

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Job description:

The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities as well as proactively assessing their threat with regards to Saint-Gobain context. The team also provides comprehensive feedback and guidance on detected vulnerabilities to assist Security Officers and Application Manager on the remediation part.

This role takes a holistic approach to identifying newly published vulnerabilities and contextualizing them to Saint-Gobain environment as well as tracking potential external entry points to Saint-Gobain systems and data.

The VOC VI & ASM Analyst is responsible for:

Vulnerability Intelligence (VI):
- Monitor new vulnerabilities and assess their criticality and risk severity based on threat exploit availability ease of exploit impact
- Communicate and publish an assessment on vulnerabilities related to software used in Saint-Gobains scope
- Maintain timely high-quality vulnerability bulletins prioritizing issues against the Groups asset exposure
- Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service
- Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS EPSS CVSS metrics

Attack Surface Management (ASM):
- Operate continuous monitoring of external assets via ASM Security tools
- Update on a regular basis the coverage of ASM tools by adding known domains and IP ranges belonging to Saint-Gobain
- Assess the severity of the findings and confirm their presence (review challenge FP assessment )
- Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners
- Build and use the external footprint to proactively identify new threats and new vulnerabilities
- Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities

BlackBox Pentesting:
- Drive proactive follow-up on detected vulnerabilities engaging system owners and tracking remediation to closure
- Active follow up with Application managers to onboard new application in the BlackBox Pentesting service
  - Pentest launch
  - Contract follow-up
  - Tools follow up and maintenance

Vulnerability Management:
- Vulnerability review recategorization and false positive identification
- Proactive vulnerability testing and replay
- Pre-analyze and consolidate vulnerability data from various scanning tools
- Prepare concise syntheses of available vulnerabilities
- Offer guidance to the SO and CISO on vulnerabilities
- Collaborate with key stakeholders to develop strategies for vulnerability management

Scripting and automation:
- Automate data extraction and data push from VI and ASM tools to DataLake tools
- Build automation workflows to streamline vulnerability identification assessment and reporting
- Collaborate with the offensive and defensive teams to enhance vulnerability assessment and testing

Skills

Bachelors degree in Computer Science Information Security EXTC or related field; relevant certifications (e.g. CISSP CCSP CompTIA Security) are a plus
Proven experience (6 years) working within the Cybersecurity field with emphasis on security platform implementation & administration
Experience on Penetration testing actions (web application infrastructure )
Experience with security scanning tools
Experience with VI and ASM tools
Experience in investigating newly published vulnerabilities and assessing their risks and severity
Experience with scripting languages (e.g. Python Bash Powershell C# ) for automation and customization of security processes is a plus
Experience with Pentester tools (Burp SQLmap Metasploit Kali environment )
Strong technical skills with an interest in open-source intelligence investigations
Knowledge of NIST CVE database OWASP Top 10 Microsoft security bulletins

Excellent writing skills in English and ability to communicate complicate technical challenges in a business language to a range of stakeholders.

Job description: The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities as well as proactively assessing their threat with regards to Saint-Gobain context. The team also provides comprehensive feedback and guidance on detected vulnerabilities to a...

Job description:

The VOC VI & ASM Analyst is responsible for:

Vulnerability Intelligence (VI):
- Monitor new vulnerabilities and assess their criticality and risk severity based on threat exploit availability ease of exploit impact
- Communicate and publish an assessment on vulnerabilities related to software used in Saint-Gobains scope
- Maintain timely high-quality vulnerability bulletins prioritizing issues against the Groups asset exposure
- Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service
- Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS EPSS CVSS metrics

Attack Surface Management (ASM):
- Operate continuous monitoring of external assets via ASM Security tools
- Update on a regular basis the coverage of ASM tools by adding known domains and IP ranges belonging to Saint-Gobain
- Assess the severity of the findings and confirm their presence (review challenge FP assessment )
- Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners
- Build and use the external footprint to proactively identify new threats and new vulnerabilities
- Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities

BlackBox Pentesting:
- Drive proactive follow-up on detected vulnerabilities engaging system owners and tracking remediation to closure
- Active follow up with Application managers to onboard new application in the BlackBox Pentesting service
  - Pentest launch
  - Contract follow-up
  - Tools follow up and maintenance

Vulnerability Management:
- Vulnerability review recategorization and false positive identification
- Proactive vulnerability testing and replay
- Pre-analyze and consolidate vulnerability data from various scanning tools
- Prepare concise syntheses of available vulnerabilities
- Offer guidance to the SO and CISO on vulnerabilities
- Collaborate with key stakeholders to develop strategies for vulnerability management

Scripting and automation:
- Automate data extraction and data push from VI and ASM tools to DataLake tools
- Build automation workflows to streamline vulnerability identification assessment and reporting
- Collaborate with the offensive and defensive teams to enhance vulnerability assessment and testing

Skills

Bachelors degree in Computer Science Information Security EXTC or related field; relevant certifications (e.g. CISSP CCSP CompTIA Security) are a plus
Proven experience (6 years) working within the Cybersecurity field with emphasis on security platform implementation & administration
Experience on Penetration testing actions (web application infrastructure )
Experience with security scanning tools
Experience with VI and ASM tools
Experience in investigating newly published vulnerabilities and assessing their risks and severity
Experience with scripting languages (e.g. Python Bash Powershell C# ) for automation and customization of security processes is a plus
Experience with Pentester tools (Burp SQLmap Metasploit Kali environment )
Strong technical skills with an interest in open-source intelligence investigations
Knowledge of NIST CVE database OWASP Top 10 Microsoft security bulletins

Excellent writing skills in English and ability to communicate complicate technical challenges in a business language to a range of stakeholders.