BCG VM Professional

Job Description

About the Role: We are seeking a highly experienced and proactive Vulnerability Management (VM) Professional to bolster our Cyber Security team. The ideal candidate will possess deep expertise in managing VM tools, conducting comprehensive vulnerability assessments, and driving remediation efforts across diverse IT infrastructures, including cloud environments. This role requires strong technical skills, excellent reporting capabilities, and the ability to effectively collaborate with various stakeholders to enhance our security posture. Key Responsibilities: Vulnerability Management Tooling: Manage and maintain the VM tool (Tenable.io) and on-premises Vulnerability Assessment (VA) scanners. Perform regular health checks to ensure scanners are operational and updated with the latest plugins. Ensure scan scopes are accurately updated and scans are performed on assets at the desired frequency. Troubleshoot and resolve scanning issues, such as authentication failures, observed in scheduled scans. Vulnerability Assessment & Risk Management: Conduct comprehensive vulnerability assessments and articulate findings in an easily consumable manner for asset owners. Perform risk assessments on identified infrastructure vulnerabilities to determine the real risk and prioritize remediation efforts. Report EC2 instances and Lambda functions vulnerability findings from AWS Inspector to individual resource owners. Remediation & Compliance: Report findings to relevant teams/individual owners of assets and diligently follow up to ensure remediation is completed within defined SLAs. Develop and maintain hardening configuration standards (e.g., CIS benchmarks) for Windows and Linux operating systems. Collaborate with stakeholders to ensure hardening configurations are implemented and validated through regular compliance scans. Oversee assessment, reporting, and remediation tracking of identified vulnerabilities. Collaboration & Communication: Collaborate effectively with Tribe/Product owners and cross-functional stakeholders on all aspects of vulnerability management. Maintain excellent reporting skills to communicate complex technical findings clearly and concisely. Scanning Operations: Configure and maintain regular and ad-hoc vulnerability scans against internal and external IT infrastructure, including cloud environments. Required Skills & Experience: Total Years of Experience: 8-10 Years Relevant Years of Experience: 8+ Years in Vulnerability Management Mandatory Skills: Proven ability to perform vulnerability assessments and articulate findings effectively to asset owners. Strong reporting skills. Extensive experience in configuration and maintenance of regular and ad-hoc vulnerability scans against internal and external IT infrastructure, including Cloud environments. Proficiency in assessment, reporting, and remediation tracking of identified vulnerabilities. Demonstrated experience in collaborating with Tribe/Product owners and cross-functional stakeholders related to vulnerability management. Desired/Secondary Skills: Knowledge of scripting (e.g., PowerShell) for automation purposes. Solid understanding of cloud terminology (AWS preferred given JD content), Windows platform, Active Directory, and networking protocols. Sound knowledge of ITIL standards. Working experience with ITSM tools such as ServiceNow. Domain: Cyber Security Additional Information: Max Vendor Rate: INR 12,000 per day Background Check: Pre-onboarding Shift: General shift - 5 days a week (as required) Working Model: Hybrid (5 days a week, as required) Assignment Duration: 6 Months Number of Openings: 1