Systems Integration Specialist Advisor

Job Description

Req ID: 328714 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Systems Integration Specialist Advisor to join our team in Bengaluru, Karn taka (IN-KA), India (IN). Job Summary: Senior Vulnerability & DevSecOps Engineer We seek a highly skilled and technically proficient Senior Vulnerability & DevSecOps Engineer to join our security team. In this pivotal role, he/she will drive our end-to-end vulnerability management program, from comprehensive scanning and deep analysis to effective remediation and reporting. Leveraging expert-level experience with industry-leading tools like Qualys and Burp Suite, he/she will proactively identify, prioritize, and validate critical vulnerabilities across our expansive hybrid infrastructure, encompassing servers, workstations, and cloud environments (GCP, AWS, Azure). A significant focus of this position involves integrating robust security practices and automation into our CI/CD pipelines. He/she will be instrumental in building, maintaining, and improving automated security testing workflows using tools such as Jenkins, GitLab CI, Azure DevOps, SonarQube, Synk, and ZAP, ensuring security is "shifted left." Proficiency in scripting languages (Python, Bash, Terraform) and automation frameworks like Ansible is essential for developing custom tools, automating patching, configuration hardening, and streamlining compliance checks. He/she will collaborate closely with development and operations teams to embed secure coding principles and foster a DevSecOps culture, ultimately enhancing our security posture and reducing organizational risk. This role demands a deep understanding of vulnerability assessment methodologies (OWASP Top 10, NIST), networking concepts, and diverse operating systems (Windows, Linux). Exceptional analytical skills are required to interpret complex scan results, manually validate findings, and generate advanced reports and dashboards using Power BI and Excel for technical and executive audiences. A proactive problem-solver passionate about automation, application security, and continuous improvement in a dynamic technical landscape. Responsibilities: Vulnerability Scanning and Security Analysis: Perform regular vulnerability scans of servers, workstations, cloud infrastructure, and other assets using Qualys and Burp. Analyze scan results to identify critical vulnerabilities, misconfigurations, and compliance violations. Prioritize vulnerabilities based on risk and business impact. Manually validate and verify vulnerabilities to reduce false positives and refine scan settings. Basic understanding of OWASP Top 10 standards. Remediation and Reporting: Work closely with application teams, system administrators, and other stakeholders to communicate vulnerability findings and guide remediation efforts. Track remediation progress using Excel and other tracking tools. Generate detailed reports on vulnerability trends, remediation status, and overall security posture. Present findings to technical and management audiences. DevSecOps: CI/CD Pipelines: Implement, build, and maintain CI/CD pipelines with security integrated throughout the process. Familiarity with tools like Jenkins, GitLab CI, Azure DevOps Cloud, JFrog, SonarQube, Synk, and ZAP. Some understanding of Google Cloud. Automate vulnerability remediation tasks using Ansible playbooks. Collaborate with development teams to implement secure coding practices and improve application security. Work with DevSecOps engineers to build out automated security testing pipelines. Automation and Scripting: Develop and maintain Ansible playbooks to automate vulnerability patching, configuration hardening, and compliance checks. Use scripting languages (e.g., Python, Bash, Terraform) to create custom tools and scripts for vulnerability analysis and reporting. Continuous Improvement: Continuously evaluate and improve our vulnerability management processes and procedures. Research and recommend new security tools and technologies. Participate in security incident response activities. Technical Skills and Qualifications: Required: 3+ years of experience in security vulnerability scanning and analysis. Expert-level experience with Vulnerability Management Strong understanding of vulnerability assessment methodologies and tools (e.g., OWASP, NIST). Proven experience with automation and configuration management. Understand at least one scripting language (e.g., Python, Bash, PowerShell). Experience with integrating security tools into CI/CD pipelines. Excellent working knowledge of Power BI and Excel for data analysis and reporting. Ability to create complex dashboards and reports. Solid understanding of networking concepts, operating systems (Windows, Linux), and cloud environments (e.g., AWS, Azure, GCP). Excellent communication, collaboration, and problem-solving skills. Ability to work independently and as part of a team. Preferred: Some experience with other security tools such as Burp Suite, Invicti, SonarQube, Zap, etc. Experience with container security (e.g., Docker, Kubernetes). Knowledge of security frameworks such as NIST CSF or ISO 27001. Experience with security incident response. Some experience with SIEM tools (e.g., Splunk, QRadar). Knowledge of application security testing methodologies (SAST, DAST, IAST). At least one of the following Certifications (a plus): Qualys Certified Specialist (QCS) DevSecOps Foundation / Engineer / Professional Certified Information Systems Security Professional (CISSP) Certified Ethical Hacker (CEH)Offensive Security Certified Professional (OSCP) CompTIA Security+ Education: Bachelor s degree in computer science, Information Security, or a related field, or equivalent experience.