Job description:
The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities, as well as proactively assessing their threat with regard to the Saint-Gobain context. The team also provides comprehensive feedback and guidance on detected vulnerabilities to assist Security Officers and Application Managers with remediation.
This role takes a holistic approach to identifying newly published vulnerabilities and contextualizing them to the Saint-Gobain environment, as well as tracking potential external entry points to Saint-Gobain systems and data.
The VOC VI & ASM Analyst is responsible for:
- Vulnerability Intelligence (VI):
  - Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploitation and impact
  - Communicate and publish an assessment on vulnerabilities related to software used in Saint-Gobain's scope
  - Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group's asset exposure
  - Update our software inventory on a regular basis within the scope of the Vulnerability Assessment Service
  - Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS and CVSS metrics
- Attack Surface Management (ASM):
  - Operate continuous monitoring of external assets via ASM security tools
  - Update the coverage of ASM tools on a regular basis by adding known domains and IP ranges belonging to Saint-Gobain
  - Assess the severity of the findings and confirm their presence (review, challenge, false positive assessment)
  - Track and report exposure trends; escalate high-risk findings to Blue Team remediation owners
  - Build and use the external footprint to proactively identify new threats and new vulnerabilities
  - Leverage ASM tools to proactively identify external assets affected by newly published vulnerabilities
- BlackBox Pentesting:
  - Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking remediation to closure
  - Actively follow up with Application Managers to onboard new applications into the BlackBox Pentesting service
  - Pentest launch
  - Contract follow-up
  - Tool follow-up and maintenance
- Vulnerability Management:
  - Vulnerability review, recategorization and false positive identification
  - Proactive vulnerability testing and replay
  - Pre-analyze and consolidate vulnerability data from various scanning tools
  - Prepare concise syntheses of available vulnerabilities
  - Offer guidance to the SO and CISO on vulnerabilities
  - Collaborate with key stakeholders to develop strategies for vulnerability management
- Scripting and automation:
  - Automate data extraction and data push from VI and ASM tools to DataLake tools
  - Build automation workflows to streamline vulnerability identification, assessment and reporting
  - Collaborate with the offensive and defensive teams to enhance vulnerability assessment and testing
Skills
- Bachelor's degree in Computer Science, Information Security, EXTC or a related field; relevant certifications (e.g. CISSP, CCSP, CompTIA Security+) are a plus
- Proven experience (6 years) working within the cybersecurity field, with emphasis on security platform implementation and administration
- Experience with penetration testing activities (web application, infrastructure)
- Experience with security scanning tools
- Experience with VI and ASM tools
- Experience in investigating newly published vulnerabilities and assessing their risk and severity
- Experience with scripting languages (e.g. Python, Bash, PowerShell, C#) for automation and customization of security processes is a plus
- Experience with pentesting tools (Burp, SQLmap, Metasploit, Kali environment)
- Strong technical skills with an interest in open-source intelligence investigations
- Knowledge of the NIST CVE database, OWASP Top 10 and Microsoft security bulletins
Excellent writing skills in English and the ability to communicate complicated technical challenges in business language to a range of stakeholders.