Responsible for identifying and analysing the security vulnerabilities identified by the vulnerability scanners used across the organisation as well as for managing technical configurations changes on the security tools in order to ensure compliance with the policies. Close interaction and alignment with Local Market vulnerability management and application management groups is necessary to successfully act on the role.
Responsibilities
Use automated tools (e.g. Tripwire, Nessus) to pinpoint vulnerabilities and reduce time- consuming tasks
Use available manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives
Track managed vulnerabilities over time for metrics purposes and present comprehensive Vulnerability Assessments
Maintain a vulnerability database until vulnerability features are developed in security tool
Analyse the discovered security vulnerabilities
Be responsible of the Vulnerability DB that tracks all the open, closed, managed, not managed vulnerabilities until vulnerability features are developed in security tool
Perform risk analysis by using proprietary methodologies for risk calculation.
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
Maintain procedures to implement and improve vulnerability analysis
Actively support increasing the perimeter scanning coverage by analysing and comparing scanning result against baselines
Promote and support on improvement initiatives within the organization
Requirements
Relevant experience with vulnerability scanning/testing tools (e.g. Qualys, Nessus, Tripwire or others)
System administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems
Computer networking concepts and protocols, and network security methodologies
Knowledge of Wintel/UNIX/Linux O.S. environment
Experience on using Remedy – or any ticketing tool
Host/network access control mechanisms (e.g., access control list, capabilities lists)
Nice to have:
Experience with security standards and audits(e.g. ISO27001, SOX, PCI-DSS)
Cryptography and cryptographic key management concepts
Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
