133 Tenable Jobs - Page 6

Knowledge of operating systems, system administration, and application security. Proficiency in security tools and technologies Experience with incident response methodologies. Strong knowledge of IT security protocols, data privacy standards Required Candidate profile Certified Information Systems Security Professional (CISSP) Vulnerability Scanner/Nessus, CrowdStrike, Cisco Meraki, Forcepoint One. Experience with cloud security and network security.

Job Summary We are seeking an experienced and results-driven Endpoint Vulnerability Manager to lead our efforts in identifying, managing, and mitigating endpoint vulnerabilities across our enterprise environment. This role requires hands-on expertise in managing enterprise tools like SCCM (System Center Configuration Manager) and Tenable for vulnerability scanning and remediation. The successful candidate will play a pivotal role in safeguarding the organization's endpoint security while ensuring compliance with industry standards and regulatory requirements. Key Responsibilities Vulnerability Management Manage the end-to-end process of endpoint vulnerability detection, prioritization, and remediation. Utilize Tenable to conduct comprehensive scans of endpoint devices, including desktops, laptops, and mobile devices, identifying security gaps and vulnerabilities. Implement patching and configuration updates processes using SCCM and other deployment options to reduce vulnerabilities across the environment. Monitor and report on vulnerability remediation progress and effectiveness. Endpoint Security Strategy Develop and maintain endpoint security strategies that align with organizational risk tolerance and industry best practices. Ensure compliance with security baselines and frameworks, such as CIS Benchmarks and NIST standards. Identify and mitigate risks arising from unpatched systems, misconfigurations, or outdated software. Tool Management and Optimization Partner with the Software Delivery Engineering Manager to ensure configuration and maintenance of SCCM platform is optimal for patch deployment, software updates, and operating system management. In partnership with Security & Compliance and Software Delivery Engineering teams, manage Tenable client compliance in order to optimize Tenable for scanning, reporting, and integration with other security tools. Automate routine tasks and processes to enhance the efficiency of endpoint vulnerability management efforts. Collaboration and Communication Partner with client management, service delivery and infrastructure teams to ensure vulnerabilities are addressed in a timely manner. Provide detailed reporting and dashboards on endpoint vulnerabilities to technical teams and management. Communicate technical concepts to non-technical stakeholders, ensuring clear understanding of risks and remediation plans. Provide and maintain training material and upskill junior engineering staff through remote training in best practice processes and procedures to optimize vulnerability remediation. Compliance and Governance Work with Security and Compliance teams to ensure endpoint vulnerability management practices comply with relevant regulatory standards such as HIPAA, PCI-DSS, or GDPR. Participate in audits and provide required documentation on endpoint vulnerability management activities. Regularly assess endpoint security posture and recommend improvements based on evolving threats. Required Qualifications Education & Experience Bachelors degree in Computer Science, Information Security, or a related field (or equivalent experience). 5+ years of experience in vulnerability management or endpoint security roles, preferably in a large enterprise environment Proven ability to sift through and rationalize large datasets with Technical Skills Strong knowledge of Windows and MacOS operating systems Advanced proficiency and practical application of SCCM and Intune for software deployment, patch management, and OS lifecycle Proficiency with Tenable or similar vulnerability scanning tools (e.g., Qualys, Rapid7) Experience with PowerShell for automating common tasks Understanding of network security concepts and principles. Soft Skills Strong analytical and problem-solving abilities. Excellent communication skills, both written and verbal. Proven ability to manage multiple projects and prioritize tasks effectively. Team-oriented with the ability to work collaboratively across departments. Preferred Qualifications Relevant certifications such as CISSP, CISM, GSEC, or Microsoft Certified: Modern Desktop Administrator. Experience with mobile device management (MDM) platforms Knowledge of ITIL processes and frameworks.

Open Roles: Cyber Security OperationsLocation Pune: Working Model : Hybrid Experience 3-5 YearsJob Description: 1. Assists with responding to computer security incidents according to the Information Security Policies and Industry Best Practices.2. Assists with coordinating the efforts of and provide timely updates to multiple business units during response.3. Contributes to a team of cyber security professionals working with threat data, writing non-complex reports, briefing event details to leadership, and coordinating remediation with personnel.4. Monitor information security related web sites (SANS Internet Storm Center, etc.) and mailing lists (BugTraq, etc.) to stay up to date on current attacks and trends.5. Perform basic analysis in support of Intrusion detection operations. Documents and escalates incidents, including event's history, status, and potential impact for further action, that may cause ongoing and immediate impact to the environment.6. Assists with incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation. 7. Provides timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities. 8. Conducts research, analysis, and correlation across a wide variety of all source data sets (e.g., indications and warnings). 9. Recognizes a possible security violation or deficiencies and take appropriate action to report the incident, as required10. Working on Application Security, Logs maintenance, access review and DR plan preparations. Open Roles: Cybersecurity Risk AnalystLocation Pune: Working Model : Hybrid Experience 4-6 YearsJob Description: 1. Builds an understanding of Manufacturing cybersecurity policies and industry data privacy principles.2. Participates in cybersecurity risk identification utilizing identified risk management frameworks while working with the team to evaluate severity and mitigation plans. 3. Knowledge of India acts (e.g CERT-In,ITGC, IT Act etc.) in a manner specific to Cummins processes and controls.4. Assists in promotion of cybersecurity awareness. 5. Assists with responding to computer security alerts, events and incidents if any & coordinating the efforts of and provide timely updates to respective business units during the response. 6. Contributes to a team of cyber security professionals working with threat data, writing non-complex reports 7. Recognizes a possible security violation or deficiencies and report to the cyber governance team.8.Understanding a variety of security and compliance policies and incident response processes; working with respective business units to determine sensitive data that needs to be protected with the DLP technology. 9.Knowledge of core Information Security concepts related to Governance, Risk & Compliance10. Familiarity with networks and enterprise architecture 11. Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and non-technical staff12. Ability to maintain incident and process documentation13. Ability to identify and translate data loss risks and planning mitigation into DLP policy rules14. Understand and apply security knowledge to concepts of Data at Rest, Data in Motion, and Data in Use15. Conduct analysis and complete reporting on DLP metrics, trends, and anomalies16. Assisting Business IT teams in creating the asset inventories, updating the drawings. 17. Assisting Business IT teams in creating the architecture review documents for new and upgradation projects Open Roles: Vulnerability Management AnalystLocation Pune: Working Model : Hybrid Experience 3-4 YearsJob Description: 1. Skilled and detail-oriented Vulnerability Management Analyst to support our cybersecurity team in identifying, tracking, and remediating software vulnerabilities and end-of-life (EOL) operating systems. 2. The successful candidate will work closely with application teams, site BISOs, and other stakeholders to ensure compliance and risk mitigation. Vulnerability Remediation: 1.Conduct regular meetings with the Organization’s Corporate, Manufacturing, and Site Application Teams to discuss vulnerabilities. 2.Track and report vulnerability remediation efforts across various teams. 3.Provide regular tracking metrics and updates to application teams and the cybersecurity team. 4. End-of-Life (EOL) Operating System Management: 5. Develop and maintain reporting dashboards using Tenable to track EOL OS efforts. 6. Monitor priorities, including BCC1, DMZ, End of Support systems, and assets still on the network. 7. Track exceptions and short-term extension requests related to EOL OS. 8. Collaborate with Site CISOs to ensure compliance with security policies and mitigate risks. 9. Tenable Security Platform Utilization: 10. Complete formal Tenable training and certification within the first year. 11. Utilize Tenable for producing vulnerability reports for different audiences. 12. Review vulnerability status and initiate scans as needed.

locationsIndia, Bangalore time typeFull time posted onPosted 2 Days Ago job requisition idJR0035199 Job Title: Site Reliability Engineer About Trellix: Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions. We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at . Role Overview: The Site Reliability Engineer team is responsible for design, implementation and end to end ownership of the infrastructure platform and services that protect the Trellix Securitys Consumer. The services provide continuous protection to our customers with a very strong focus on quality and an extendible services platform to internal partners & product teams. This role is a Site Reliability Engineer for commercial cloud-native solutions, deployed and managed in public cloud environments like AWS, GCP. You will be part of a team that is responsible for Trellix Cloud Services that enable protection at the endpoint products on a continuous basis. Responsibilities of this role include supporting Cloud service measurement, monitoring, and reporting, deployments and security. You will input into improving overall operational quality through common practices and by working with the Engineering, QA, and product DevOps teams. You will also be responsible for supporting efforts that improve Operational Excellence and Availability of Trellix Production environments. You will have access to the latest tools and technology, and an incredible career path with the worlds cyber security leader. You will have the opportunity to immerse yourself within complex and demanding deployment architectures and see the big picture all while helping to drive continuous improvement in all aspects of a dynamic and high-performing engineering organization. If you are passionate about running and continuously improving as a world class Site Reliability Engineer Team, we are offering you a unique and great opportunity to build your career with us and gain experience working with high-performance Cloud systems. About Role: Being part of a global 24x7x365 team providing the operational coverage including event response and recovery efforts of critical services. Periodic deployment of features, patches and hotfixes to maintain the Security posture of our Cloud Services. Ability to work in shifts on a rotational basis and participate in On-Call duties Have ownership and responsibility for high availability of Production environments Input into the monitoring of systems applications and supporting data Report on system uptime and availability Collaborate with other team members on best practices Assist with creating and updating runbooks & SOPs Build a strong relationship with the Cloud DevOps, Dev & QA teams and become a domain expert for the cloud services in your remit. Provided the required support for growth and development in this role. About you: 2 to 4 years of hands-on working experience in supporting production of large-scale cloud services. Strong production support background and experience of in-depth troubleshooting Experience working with solutions in both Linux and Windows environments Experience using modern Monitoring and Alerting tools (Prometheus, Grafana, PagerDuty, etc.) Excellent written and verbal communication skills. Experience with Python or other scripting languages Proven ability to work independently in deploying, testing, and troubleshooting systems. Experience supporting high availability systems and scalable solutions hosted on AWS or GCP. Familiarity with security tools & practices (Wiz, Tenable) Familiarity with Containerization and associated management tools (Docker, Kubernetes) Significant experience of developing and maintaining relationships with a wide range of customers at all levels Understanding of Incident, Change, Problem and Vulnerability Management processes. Desired: Awareness of ITIL best practices AWS Certification and/or Kubernetes Certification Experience with SnowFlake Automation/CI/CD experience, Jenkins, Ansible, Github Actions, Argo CD. Company Benefits and Perks: We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement We're serious ab out our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Position Details- Position: VAPT Lead Experience: 8-12 years Job Location: Powai, Mumbai - WORK FROM OFFICE Number of Position 1 Description: We are looking for VAPT LEAD who will be responsible for running automated and manual security scans which include but not limited to SAST, DAST, IAST, Mobile, Web, API and ad-hoc pen-testing. The candidate will play a key role of integrating Security element in DevSecOps The role entails taking responsibility of analysing security vulnerabilities and capability to provide mitigation solutions to fix issues, providing guidance to application teams, and coordinating with cross functional teams across the platform. Responsibilities: Hands-on experience creating and implementing DevSecOps pipeline using CICD automation tools like Jenkins, Automated scanning tools, BurpSuite, and open source tools. Implement Application Cyber Security Controls/Policies developed by IT Security Team. Ability to demo security vulnerability to application teams. Drive application security issues to a resolution. Provide a clear guidance to application teams during vulnerability mitigation effort Conduct application security assessment on periodic intervals and for every release Collect and report status on application security assessments including milestones, deliverables, timing, tasks, risk areas, and status to Head of IT Security Categorize and recommend assessment strategies for existing and new application development Coach development and vendor teams on application security Develop user training material on secure coding and conduct training sessions Coordinate and execute IT security projects Integrate the Application and DevOps processes and CI/CD pipelines from early stages of the development lifecycle. Evaluating and on-boarding security tools such as SAST, vulnerability and open source scanning into the Security DevOps life cycle for multiple tech stacks. Contributing features to internally developed Cyber security tools, and integrate those tools into the Security DevOps pipelines. Driving continuous improvement for Security DevOps pipelines and processes, and to the Cyber security tools, services, and processes. Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises Research best practices for a variety of technologies and document / advice on solutions for security for multiple teams Develop, improve and monitor system compliance with the IT framework for controls and levels of access Collaborate with internal teams to manage and mitigate security vulnerabilities and risks Collaborate with software engineering and digital team to deliver integrated security solutions, and improve developer security practices Collaborate on Red Team penetration testing of IT systems Essential Qualification: Tenable/Qualys tool experience is mandatory. Experience with Dockers, Kubernetes, Terraform Good to have Appsec, API Testing, Infra Cloud Security testing experience. Must have experience with a modern version control system such as: Git, Github, GitLab. CISSP, OSCP or other security certifications desired. Experience with infrastructure as code and technologies behind it (Terraform preferred) Must have 4+ years of progressive experience in computing and information security. Capable of analysing data from various data sources and generating reports, charts and graphs. • Proven experience with at least one of the following technologies: MySQL, Postgres, FireBase, Google Cloud Storage and willing to learn and fill in any gaps. Working knowledge of agile methodology, techniques, and frameworks, such as Scrum or Kanban Excellent people and project management skills. Strong communication and presentation skills. Strong analytical and problem-solving skills.

Regeneron is founded on the belief that the right idea, combined with the right team, can lead to significant transformations. Our growing global network is dedicated to inventing, developing, and commercializing medicines that change lives for those with serious diseases. In doing so, we are pioneering innovative approaches to science, manufacturing, and commercialization, as well as redefining our understanding of health. TVM Analysts focus on cybersecurity vulnerability identification, facilitate priority-based patching, and validate remediation efficiency. Operational requirements include leveraging TVM and information technology service management (ITSM) platforms to provide transparency, quantification, and accountability for remediation efficacy. This includes the utilization of reporting, executive summaries, and real-time dashboards. Additional responsibilities include chipping in to cybersecurity’s strategic maturity roadmaps, collection and analysis of cyber vulnerability intelligence, IT, and business unit partnership. A typical day might include the following: Manage cybersecurity vulnerabilities and risks across Regeneron including identifying, supporting application and system owners to manage risks and remediate vulnerabilities. Conduct vulnerability assessments of scans of servers, websites, workstations, serverless technology, network devices, cloud infrastructure, and other assets using various vulnerability management platforms and tools. Analyze enterprise cybersecurity policies and configurations to evaluate compliance with regulations and enterprise policies and standards. Assist with selection of industry best of breed cybersecurity controls to mitigate risk Collection, reporting, and metrics generation for multiple cyber TVM datasets. This includes patching efficiency, identifying system misconfigurations, and security hygiene assessments. Support the process of Security Compliance assessments of systems and multi-tenant cloud services, using industry standard processes, to include, Center for Internet Security (CIS) hardening guidelines Analysis and monitoring of cybersecurity feeds, cyber threat intelligence, and open-source intelligence on trending vulnerabilities and exploits. Partner with IT service providers to operate, maintain, and enhance TVM platforms. This includes native Operating System, cloud security, and data aggregation platforms Collaborate and partner with cross-departmental peers (technical and non-technical) to report, synthesize, and prioritize vulnerabilities and threats based on contextual assets and relationship data. Leverage industry and compute environment data to assess current and alternative technical solutions and processes for continuous enhancement and issue resolution. Supports and enables Regeneron’s, global (US (United States), EU (European Union), APAC) Science to Medicine business objectives through enriching the cybersecurity defense posture. Support Regeneron's TVM capability to identify, assign, and validate remediation of compute environment vulnerabilities. This encompasses Regeneron’s on-prem, hybrid, and multi-tenant cloud environments. This job might be for you if you: Possess a Bachelor’s Degree and 2+ years of relevant experience into Threat and Vulnerability Knowledge, proven track record, and skills in vulnerability assessment, prioritization, assignment, validation, and tracking. Experience and working knowledge of vulnerability management tools such as Nmap, Qualys, Tenable, Nessus, Microsoft Defender, Wiz, Rapid7, AWS Inspector, Orca. Familiarity with OWASP (Open Web Application Security Project) Top 10, CIS Security Controls, MITRE ATT&CK Framework Solid understanding of multi-tenant cloud environments (AWS, Azure, GCP), vulnerability mitigation techniques, and system hardening. Proven threat and vulnerability assessment skills or knowledge gained through experience or academia. Ability to understand threat modeling and apply technical, administrative, and security control risk mitigation. Organized, reliable, detail oriented. Proven or conceptual abilities to navigate levels through thought equity. Cybersecurity tool familiarity. E.g., SIEM (Security Information and Event Management), IDS/IPS, Email Protection, Firewalls, DLP (Data Loss Prevention), EDR (Endpoint Detection and Response), etc. Experience gained through a sophisticated organization and managed security providers and vendors. Excellent problem-solving skills and attention to detail. Demonstrable experience in customer service, communication, and relationship building. Ability to work independently and as part of a team. CISSP, CEH, Security+, Network+ or equivalent are preferred. Connect with us, so we can learn more about you, and you can learn more about our medicines. And join us in crafting the future of healthcare. Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. We will ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application process. Please contact us to discuss any accommodations you think you may need. Does this sound like you? Apply now to take your first step towards living the Regeneron Way! We have an inclusive and diverse culture that provides comprehensive benefits, which often include (depending on location) health and wellness programs, fitness centers, equity awards, annual bonuses, and paid time off for eligible employees at all levels! Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. The Company will also provide reasonable accommodation to the known disabilities or chronic illnesses of an otherwise qualified applicant for employment, unless the accommodation would impose undue hardship on the operation of the Company's business. For roles in which the hired candidate will be working in the U.S., the salary ranges provided are shown in accordance with U.S. law and apply to U.S.-based positions. For roles which will be based in Japan and/or Canada, the salary ranges are shown in accordance with the applicable local law and currency. If you are outside the U.S, Japan or Canada, please speak with your recruiter about salaries and benefits in your location. Please note that certain background checks will form part of the recruitment process. Background checks will be conducted in accordance with the law of the country where the position is based, including the type of background checks conducted. The purpose of carrying out such checks is for Regeneron to verify certain information regarding a candidate prior to the commencement of employment such as identity, right to work, educational qualifications etc.

Conduct vulnerability assessments using industry-leading tools (e.g., Nessus, Tenable, Qualys). Develop and maintain vulnerability management processes, Analyze assessment results to identify and prioritize risks. Perform penetration testing.

Key Responsibilities: Tool Proficiency: Demonstrate expertise in security tools, including: • Qualys Vulnerability Scanner • Qualys Cloud Agent Having knowledge on below tools will be preferrable. • Imperva • Wallix Bastion • Microsoft PKI • Trellix Endpoint • SafeNet • CrowdStrike Operating System Knowledge: • Maintain a good understanding of Linux OS and its security features. Problem Solving & Feedback: • Provide valuable feedback on security tools and processes. • Analyze and solve complex cybersecurity issues. • Suggest and implement improvements to enhance security posture. Scripting & Automation: • Develop scripts for process automation and system integration. • Collaborate on creating efficient workflows to streamline operations. Development Skills: • Possess a solid understanding of Python development for automation and security tasks. • Utilize development tools, such as Git and VSCode, for version control and code management. Containerization Knowledge: • Have a basic understanding of Docker and its application in cybersecurity. Other Skills: • Proven experience with cybersecurity tools and practices. • Strong analytical and problem-solving skills. • Familiarity with scripting and process automation. • Basic knowledge of containerization using Docker is a plus. • Excellent communication and collaboration skills. • Scripting and process automation experience with any mentioned tools • Usage of development tools like Git, VSCode is mandatory. • Knowledge of data analytics library like pandas, will be added advantage Personal skills: • Good Team Player • Posses Positive and Learning attitude • Good Verbal and Witten communication skills • Sense of Ownership, Priorities and Autonomous Qualification: • Bachelors Degree in Computer Engineering, Information Technology or any relevant certifications • Familiar with basic understanding of TCP/UDP packets, security tools such IDS/IPS, Web proxies, DNS security, DDoS protection, firewalls