Senior Vulnerability Management Consultant

Job Summary

We are seeking a highly skilled and experienced Senior IT Security Consultant specialized in Vulnerability Management to join our team in a leading pharmaceutical company. The successful candidate will have a minimum of 5 years of experience in the field a Bachelor s degree and a deep understanding of vulnerability management processes and tools. You will manage & configure the Qualys environment and be responsible for driving the identification and management of vulnerabilities in systems together with the VM analysts. You will drive and assist in various projects (CIS benchmarks VM Automation Secure configurations (ESXi Database MS Defender ) firewall reviews )

Functional Responsibilities

1. Manage and Configure Qualys Environment:

o Ensure effective vulnerability management by configuring and maintaining the Qualys

environment.

o Monitor and optimize vulnerability scanning processes.

2. Collaborate with VM Analysts:

o Work closely with vulnerability management analysts to identify assess and prioritize

vulnerabilities in UCB s systems.

o Assist in developing remediation plans and tracking progress.

3. Run and oversee the vulnerability management program & campaigns

o ensuring timely and effective communication with IT stakeholders for patching remediation

and lifecycle management.

o Create detailed reports and dashboards to communicate effectively with stakeholders.

4. Drive and Assist in Various Security Projects:

o Implement CIS benchmarks to enhance security posture.

o Automate vulnerability management processes to streamline identification and remediation

through basic scripting and API s.

o Ensure secure configurations for Windows Linux ESXi databases Microsoft Defender...

o Conduct thorough firewall reviews to validate rule sets.

5. Stay Informed:

o Keep uptodate with industry best practices emerging threats and security trends.

o Apply this knowledge to improve vulnerability management practices.

6. Provide Expertise and Guidance:

o Offer insights on vulnerability management strategies tools and techniques.

o Collaborate with crossfunctional teams to enhance overall security.

7. Risk Assessments and Documentation:

o Participate in risk assessments and security audits.

o Develop and maintain documentation related to vulnerability management processes.

o Document changes following ITIL best practices and work closely with the compliance

teams.

8. Continuous Improvement:

o Act as a subject matter expert in vulnerability assessment tools.

o Continuously optimize and refine vulnerability management processes.

Requirements

Education

Bachelor s degree in Computer Science Information Systems or a related field.

Qualys certification and other relevant security certificates like CISSP CEH CISA are preferred.

Experience

Minimum of 5 years of experience in vulnerability management including vulnerability

assessments and penetration testing.

Proficiency in Qualys VMDR Microsoft Defender (TVM) and BitSight.

Experience with basic scripting API work and automation.

Knowledge of Power BI or other dashboarding/reporting tools

Familiarity with CIS benchmarks secure configurations (Windows Linux esxi databases

defender...) Azure and containers.

Familiarity with CVE CVSS EPSS

Experience with BMC Helix CMDB/ticketing system is a plus.

General cybersecurity knowledge.

Experience with common network protocols operating systems and application architectures.

Skills

Strong analytical and problemsolving skills.

Excellent communication and interpersonal skills.

Ability to work effectively in a team environment and independently.

The candidate has to be familiar with working in a validated (pharmacompliance requirements) system environment (e.g. itil change management processes and change management tools

documentation of work and system configuration).

Being able to translate technical items (vulnerabilities cve s exploits ) and the impact to systems in easy to understand remediation tasks.

Ability to document keep track and followup on remediation efforts.