Vulnerability Management Senior Cyber Security Analyst

Location (Primary) - Noida / Chennai (Secondary)

GCF Level - 2A(01 nos) & 2B(01 nos)

Role Description:- This role aims to receive analyse assess coordinate and monitor the remediation of vulnerabilities affecting the Companys information systems. The role covers the full vulnerability lifecycle from detection to validation of fixing close collaboration with technical teams the CERT and governance bodies.

Key Tools and Environments - must have

1. Must hands on experience with detection and monitoring tools (Microsoft Defender for Endpoint EDR/XDR WIZ NESSUS PRO Dynatrace)
2. Experience information system management and mapping tools (CMDB VISIT)
3. Good knowledge of software distribution tools (SCCM Intune Satellite Ansible etc.) and reporting and analysis tools (PowerBI)
4. Experience with ServiceNow (SNOW) specifically the SECOPS module; ServiceNow SECOPS certification is preferred.
5. Strong understanding of - Onprem infrastructure SaaS / IaaS / Cloud workloads Application vulnerability context
6. Ability to enrich findings using CMDB / asset mapping tools
7. Working knowledge of - SCCM Intune Ansible Satellite

Mandatory Soft Skills:

1. Stakeholder & Coordination Skills - Ability to work with all stakeholders and escalation handling and followup discipline
2. Documentation & Effective Communication - Clear communication (EN/FR preferred) with structured documentation mindset
3. Process & Continuous Improvement Mindset - Ability to maintain VM process documentation Identify gaps and improvement areas and support internal training and knowledge base enrichment

Job Description:

1. Vulnerability Management (Common VM Core) -
2. Oversee the receipt analysis and tracking of vulnerabilities from various sources (CERT scanning tools division reports)
3. manage backlog processing and create or update vulnerability tickets using multiple detection and asset management tools.
4. Asset Identification and Qualification -
5. Assess and identify impacted assets across various environments
6. Qualify vulnerabilities by evaluating exposure versions severity attack vectors and client context
7. Enhance asset information using CMDB and promptly issue alerts for critical vulnerabilities.
8. Definition and Steering of Remediation Plans -
9. Develop implement and coordinate remediation plans by analyzing security advisories and scan reports
10. Defining tailored action strategies (including patches workarounds and updates)
11. Prioritizing tasks tracking requests in ServiceNow
12. Sending criticality-based reminders and supporting remediation teams.
13. Monitoring and Validation of Patch Application
14. Monitor and validate patch application by ensuring timely verification
15. Gathering remediation evidence (especially for critical vulnerabilities)
16. Documenting exceptions and confirming remediation effectiveness prior to ticket closure.
17. Management of Critical P0 / P1 Vulnerabilities:-
18. Rapidly identify and assess impacted components and teams for critical vulnerabilities (P0/P1)
19. Ensure targeted follow-up with dedicated reporting and regular meetings draft essential documentation (minutes and summaries)
20. Manage urgent vulnerability alerts and escalate unresolved issues as needed.
21. Management of Non-CERT Vulnerabilities (VM3):-
22. Monitor and assess non-CERT vulnerabilities
23. Evaluate their criticality using external sources
24. Recommend and implement remediation strategies and escalate issues as required.
25. CTI & Incidentology Management:-
26. Oversee remediation tracking for CERT Threat Intelligence findings including asset identification
27. Investigation remediation coordination and ticket processing
28. Support weekly CYB coordination
29. Enhance CTI quality and maintain a comprehensive knowledge base.
30. COD Controls Management and Follow-up:
31. Oversee the execution monitoring and remediation tracking of key security controlsincluding asset management
32. Privileged account onboarding/offboarding
33. Identity administration endpoint detection and response
34. Patch management with ongoing deployment of additional measures to mitigate cyber risk.
35. Reporting and Steering:
36. Develop and maintain consolidated dashboards
37. Prepare monthly reports conduct incident analysis recommend service improvements
38. Adapt reporting to meet client expectations for vulnerability management.
39. Governance and Continuous Improvement
40. Oversee VM process documentation monitor performance
41. Develop internal training materials interface with the product team for requirements and tool evolution
42. Support data exchanges and drive continuous service improvement.

Total Experience Expected: 06-08 years

Qualifications :

Bachelors degree or Masters in Computer Science Engineering or related field.

Strongly Recommeded Certifications

1. Anyone - CompTIA Security / ISC² SSCP / ISO 27001 Foundation
2. Anyone - Tenable Nessus Certification / GIAC Vulnerability Assessment / CREST Practitioner Security Analyst (CPSA)Anyone
3. Anyone - Microsoft SC200 / SC300
4. Anyone - AWS Security Specialty / Azure Security Engineer Associate
5. Prefered - ServiceNow SECOPS certification

Additional Information :

This roles requires to follow CET working hours/Client business hours

At our organization we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.

Remote Work :

No

Employment Type :

Full-time