VULNERABILITY MANAGEMENT

Job Description

• Extensive experience of 8+ years in Application / Network Security Assessment
• Good at application threat modeling and Applications risk exposure
• Experience in dynamic and static application vulnerability scanners like Rapid7 AppSpider, HP WebInspect, IBM AppScan, HP Fortify, etc.
• Experience of using Network security assessment tools like Rapid7 Nexpose, Metasploit, Nessus, Qualys etc.
• Experience in manual security assessment of applications and infrastructure
• Establish Vulnerability Management framework & process including Vulnerability assessment, treatment, acceptance/exception
• Manage VAPT and Secure Configuration Management process
• Ensure the coverage and track new assets & applications which are going live and VA/PT, Security Configuration Assessment are conducted before going live and periodically after going live.
• Knowledge of scripting languages like Ruby, Python etc
• Knowledge of web development would be preferred
• Knowledge of deploying security scanning tools in large enterprise network
• Strong Web application security experience with thorough understanding of web application, Mobile Application vulnerabilities
• Good skills on operating systems and command line operations specially Unix.
• Knowledge of database, application, and Web server design and implementation
• Familiarity with Security Standards and groups (OWASP, OSSTM, WASC, FISMA)
• Experience in client handling including interaction with developers for understanding the mitigations
• Working knowledge and experience integrating Telecomm Applications with VM Technologies.
• Experience of integration with multiple external technologies e.g. Incident Management, CMDB (Remedy, Service Desk), PAM, IDAM, SIEM, Third party applications.
• Execution of enterprise wide Infrastructure Vulnerability Assessment, Penetration Testing program
• Advanced understanding of networking, system of systems architecture In-depth knowledge of architecture, engineering, and operations
• Experience of end to end vulnerability management and penetration test program.
• Experience of vulnerability remediation work flow, ticketing lifecycle etc preferred.
• Strong Understanding and working experience of SDLC include SIT, UAT and NFT. Execution experience of Performance testing.
• Bachelor s degree in management information systems, computer science, or related discipline is required.
• Defining integration approaches and creating interface documentation, Test cases for SIT, UAT and NFT.
• Strong understating of Defense in Depth Architecture and security technology used at each layer.
• Familiarity with security regulatory requirements and standards (such as NIST 800 series, ITU, ITIL, PCI and ISO 27001)
• Advanced knowledge and experience with the multiple operating systems (Windows, *nix, OSX, VMware, IOS and other infrastructure device OS)
• Technology Landscape, Education and Certification
• Configuration Analyzer - -> Algosec firewall Analyzer, Tuffin Configuration manager, IBM QRM.
• Vulnerability Management --> Qualys guard, Nessus
• Certified Computer Forensics and Forensics Investigator ( CHFI )
• Certified Ethical Hacker (CEH)
• EC Council Certified Security Analyst (ECSA) Key Skills: Extensive experience of 8+ years in Application / Network Security Assessment
• Good at application threat modeling and Applications risk exposure
• Experience in dynamic and static application vulnerability scanners like Rapid7 AppSpider, HP WebInspect, IBM AppScan, HP Fortify, etc.
• Experience of using Network security assessment tools like Rapid7 Nexpose, Metasploit, Nessus, Qualys etc.
• Experience in manual security assessment of applications and infrastructure
• Establish Vulnerability Management framework & process including Vulnerability assessment, treatment, acceptance/exception
• Manage VAPT and Secure Configuration Management process
• Ensure the coverage and track new assets & applications which are going live and VA/PT, Security Configuration Assessment are conducted before going live and periodically after going live.
• Knowledge of scripting languages like Ruby, Python etc
• Knowledge of web development would be preferred
• Knowledge of deploying security scanning tools in large enterprise network
• Strong Web application security experience with thorough understanding of web application, Mobile Application vulnerabilities
• Good skills on operating systems and command line operations specially Unix.
• Knowledge of database, application, and Web server design and implementation
• Familiarity with Security Standards and groups (OWASP, OSSTM, WASC, FISMA)
• Experience in client handling including interaction with developers for understanding the mitigations
• Working knowledge and experience integrating Telecomm Applications with VM Technologies.
• Experience of integration with multiple external technologies e.g. Incident Management, CMDB (Remedy, Service Desk), PAM, IDAM, SIEM, Third party applications.
• Execution of enterprise wide Infrastructure Vulnerability Assessment, Penetration Testing program
• Advanced understanding of networking, system of systems architecture In-depth knowledge of architecture, engineering, and operations
• Experience of end to end vulnerability management and penetration test program.
• Experience of vulnerability remediation work flow, ticketing lifecycle etc preferred.
• Strong Understanding and working experience of SDLC include SIT, UAT and NFT. Execution experience of Performance testing.
• Bachelor s degree in management information systems, computer science, or related discipline is required.
• Defining integration approaches and creating interface documentation, Test cases for SIT, UAT and NFT.
• Strong understating of Defense in Depth Architecture and security technology used at each layer.
• Familiarity with security regulatory requirements and standards (such as NIST 800 series, ITU, ITIL, PCI and ISO 27001)
• Advanced knowledge and experience with the multiple operating systems (Windows, nix, OSX, VMware, IOS and other infrastructure device OS)
• Technology Landscape, Education and Certification
• Configuration Analyzer - -> Algosec firewall Analyzer, Tuffin Configuration manager, IBM QRM.
• Vulnerability Management --> Qualys guard, Nessus
• Certified Computer Forensics and Forensics Investigator ( CHFI )
• Certified Ethical Hacker (CEH)
• EC Council Certified Security Analyst (ECSA)

Keyskills :
securitydocumentationinterfacemodelingmanagementetworkincidentthreatconfiguration