Vulnerability Management @ LTIMindtree

Job Description

• Having Basic knowledge of Vulnerabilities, system weaknesses, patching process vulnerability mitigation process.
• Review the application design, architecture, business flow, and implementation and identify security testing scope and recommendations.
• Execute penetration test validating against Industry standard test checklist and document every result.
• Identify the security issues, and weaknesses and suggest countermeasures for remediation and security improvements.
• Prepare security assessment reports leveraging the customized template with POCs.
• Adept at selecting and utilizing appropriate technologies to solve complex problems effectively.
• Keep up to date with evolving cyber threats and identify any new and sophisticated methods of detecting vulnerabilities.

Knowledge & Skills :

• Beginner + Knowledge of Operating systems, Basic Network knowledge, vulnerability management processes, analysis of vulnerabilities, exception/False positive analysis, Vendor Advisory handling
• VA tool administration/basic configuration level knowledge (menus/option, running scans, asset group, profiles/templates, Qualys Agent workflow, deployment, solution level troubleshooting, etc.,) and its modules, VM process
• Knowledge of Microsoft Excel commands/functions/ pivots etc. for reporting.
• Integration process (Qualys/SNOW/ automation tool in place. etc.)
• Attending internal/client calls
• Intermediate + Good Network knowledge (function of routers, Gateways security tools, Firewall etc., troubleshooting reported vulnerabilities, help remediation teams with additional inputs, reviewing and publishing vendor Advisories, vendor management (interacting with vendor/TAMs etc., )
• Team handling (cross-skill team, conduct internal training.
• Vulnerabilities, Vendor Advisory analysis and publish reports.
• End-to-end VA tool administration, understanding integrations ( Ticketing tools), manage and finetuning advance configuration (design report templates etc., solution design knowledge, advanced level troubleshooting etc.,) and knowledge of additional modules and deployment.
• Knowledge of security process/SLAs, solutions/status reporting)
• Handling client/LTIM security team/CISO levels (Interacting with client, handling calls, preparing, review and present VM status/risk level posture,), handling internal remediation calls.
• Work on VM enhancements, review additional modules, 3rd party solution and recommend as needed for Client environment. prepare the documents/SOPs etc.
• Highly customer-focused and motivated with a willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.
• Exceptional behaviors and interpersonal skills.
• Effective oral and written communication
• Able to perform Triaging, Vulnerability Management & handling internal teams, management, and client security teams and Vendors calls handling
• Team management.

Education Background:

• 6-10+ years of hands-on experience in Security/PEN Testing practices.
• Hands-on experience in application penetration testing (Web, API, Mobile, Thick Client) without or with tools such as but not limited to.Kali Linux, Burp Suite, Nmap, ZAP, Metasploit, Nessus, etc.
• Good Knowledge and experience on OWASP Top 10 Methodologies, SANS Top 25 and how to effectively remediate vulnerabilities associated with each.
• Industry Certifications: CEH, VM tool solution level certifications, other security solution

Employement Category:

+ View Contact

Keyskills:   management qualys vulnerability ms defender