Security Vulnerability Analyst

Security Vulnerability Analyst

What You Will Do: Key Responsibilities

• Perform daily operations and maintenance of vulnerability scanning tools

  and their supporting infrastructure.

• Register assets in the scanning tool and execute scans

  according to the agreed schedule.
• Conduct comprehensive

  Vulnerability Management

  , including supporting scan tools, executing vulnerability scans, performing

  CIS Hardening

  , conducting analysis, and recommending/tracking mitigations.

• Monitor ticket and email queues

  for incoming Vulnerability & Pen test requests.

• Monitor email/web-based reporting of vulnerabilities

  from external reporters.

• Responsible for reporting and tracking the completion status

  of vulnerability assessment scans.
• Perform

  periodic validation of assets

  through the Central Depository.

• Perform, review, and analyze security vulnerability data

  to identify applicability and false positives, recommending corrective actions for mitigation.

• Publish reports

  on identified security vulnerabilities and control gaps found during security control reviews, as per defined schedules.

• Manage tracking and remediation of vulnerabilities

  by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
• Overall responsibility for the

  governance and tracking of the Vulnerability Remediation action plan

  .

• Plan and coordinate vulnerability scanning schedules

  with customers and stakeholders.

• Assist in metrics development and reporting

  for vulnerability management activities.

• Participate in the out-of-hours on-call rotation

  , providing technical support to the business for major and critical incidents.

Required Qualifications

• Education:

  Bachelor's Degree (B.E./B.Tech) in Computer Science or a related field.

• Solid understanding of security controls

  (e.g., Access Control, auditing, authentication, encryption, integrity, physical security, and application security).

• Working knowledge of scanning tools

  such as Nessus, Qualys, Netsparker, Fortify, etc.

• Strong understanding of enterprise, network, system, and application-level security issues.

• Understanding of

  enterprise computing environments, distributed applications

  , and a

  strong understanding of TCP/IP networks

  , including available security controls (technical & process controls) for respective layers.
• The ability to

  provide support after normal business hours

  .
• The ability to

  work constructively under pressure

  .
• Ability to

  work both in a team as well as individually

  .
• Strong

  Knowledge Sharing and Collaboration skills

  .
• Ability to

  deliver results and meet customer expectations

  .

• Excellent communication skills; English is a must.