VOC Analyst

VOC VI & ASM Analyst

 Vulnerability Intelligence (VI):

o Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit

availability, ease of exploit, impact, …

o Communicate and publish an assessment on vulnerabilities related to software

o Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset

exposure

o Update on a regular basis our software inventory in the scope of Vulnerability Assessment

Service

o Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS,

EPSS, CVSS metrics, …

 Attack Surface Management (ASM):

o Operate continuous monitoring of external assets via ASM Security tools

o Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges

o Assess the severity of the findings and confirm their presence review, challenge, FP assessment

o Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners

o Build and use the external footprint to proactively identify new threats and new vulnerabilities

o Leverage ASM tools to proactively identify external assets subject to newly published

vulnerabilities

BlackBox Pentesting:

o Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking

remediation to closure

o Active follow up with Application managers to onboard new application in the BlackBox

Pentesting service

 Vulnerability Management:

o Vulnerability review, recategorization, and false positive identification

Skills

 Bachelors degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus

 Experience on Penetration testing actions (web application, infrastructure, …)

VI and ASM tools

 Experience in investigating newly published vulnerabilities and assessing their risks and severity

 Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of security processes is a plus

Pentester tools

 Strong technical skills with an interest in open-source intelligence investigations

 Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins

Additional Information

 The position is based in Mumbai (India)