Vulnerability Management Lead

Mandatory Skill- Rapid 7

Resource should have experience working on implementation migration, upgrade Rapid7 Nexpose to Insight VM

Job description: -

Experience working on vulnerability assessment tools Rapid 7 Nexpose, Insight VM.

Experience implementing and upgrading the Rapid 7 platform, agents, scanners

Experience configuring sites, asset groups, Tags

Experience driving vulnerability remediation and governing a team of resources

Able to drive vulnerability process enhancements by defining, discussing with client teams

Experience driving teams on day-to-day activities on Rapid 7 platform, monitoring, maintenance tasks and configuring and running scans.

Should have clear understanding on vulnerabilities and what it requires to remediate

Should be able to present vulnerability risk, remediation status on a weekly or bi-weekly basis

Should have good knowledge of analyzing vulnerabilities, prioritization based on risk. Driving remediation or closure of the vulnerabilities with remediation teams.

Experience working on analyzing, bucketizing and driving vulnerability remediation with the asset owners, app owners.

Able to provide remediation solutions for the vulnerabilities based on the unique vulnerability categorization. Support teams to understand what is required to remediate vulnerabilities.

Experience working on various associated process like asset decom, exception management, false positive suppression etc.

Work on asset owners mapping, sorting vulnerability remediation dependencies for ones where there are multiple parties involved.

Ensuring team is working on creating service now tickets to distribute vulnerabilities to remediation teams

Experience in preparing KPI, Metrics, PowerPoint slides to provide status updates to client.

Experience working on Rapid 7 reports, SQL query's to fetch reports as required.

Able to understand, design and develop threat mitigation strategy, prioritize identified threats, managing risks associated with threats

Provide technical expertise in providing compensating controls for exception vulnerabilities

Good knowledge on reporting and analytical support on vulnerability remediation trend and risk

Good understanding of analyzing process, SOP's and work towards enhancing them.

Experience with accessing information security and Risks on a variety of platforms, including Mainframe, Oracle, Unix, Windows, Networks, Firewall and E-commerce

Worked on CIS security controls to configure the controls in the tool template and validate control effectiveness on servers, network devices will be a plus

Should Possess good knowledge of standards and compliance such as ISO 27001, PCIDSS

Experience in utilizing tools to enhance reporting, vulnerability distribution and follow up.

Should have a good communication skills & customer handling skill.

Qualification: Candidate should be graduate preferably B.E/ B. Tech/MCA.

Certification: Candidate should have done certifications like CISSP/CISA / ISO 27001 LA or other relevant product vendor certification.

Experience: Candidate should have specific experience of 8 + years working on Vulnerability Management Lifecycle and managing team and client. Overall Cyber Security experience 11+ years.

Soft Skills:

Motivated to complete all tasks and projects, should be self-driven and responsible to achieve all tasks, deliverables as per scope

Excellent spoken English skills

Excellent writing skills. Must be able to create/edit technical documentation.