Lead – VA/PT

Purpose of the role:

Leads the implementation and delivery of VA/PT tools and services for our global clients.

Responsibilities:

• Daily assessment of vulnerabilities identified by infrastructure scan.
• Assist in the responsibility for the reviewing vulnerabilities’ data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and a changing environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets using industry recognized frameworks/risk ratings.
• Perform the penetration test on computer systems, networks, web-based and mobile applications.
• Conduct security and network audits to assess how effectively a system adheres to predetermined standards.
• Plan and perform the penetration test on computer systems, networks, web-based and mobile applications.
• Evaluate, rate, and perform risk assessments on assets.
• Prioritizing vulnerabilities discovered along with remediation timeline(s)
• Send and receive notifications to the SMEs of vulnerabilities within the environment.
• Interaction with multiple global teams (security architecture, penetration testing, application development, Risk Officers, etc.)
• Maintain knowledge of the threat landscape
• Provide vulnerability analysis and assist in ensuring scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.

Skills:

• Knowledge of application, network, and operating system security.
• Experience with vulnerability and patch assessment
• Good understanding of Windows and Linux patching
• Knowledge of vulnerability scoring systems (CVSS/CMSS)
• Experience on VA/PT tools
• Ability to learn new technologies.
• Excellent writing and presentation skills are required in order to communicate findings and status.
• Cleary communicate priorities and escalation points/procedures.
• Detail oriented, organized, methodical, follow up skills with an analytical thought process.

Experience:

• Management Level: Team Lead
• Work Experience: 7-9 years
• Work location: Gurugram
• Technical Experience: At least 6 years of TVM domain hands-on experience

Professional Certifications:

IT Security Certifications such as Certified Vulnerability Assessor (CVA), Certified Ethical Hacker (CEH), CIPP (Certified Information Privacy Professional), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information System Auditor), CISSP (Certified Information Security Professional) or CISM (Certified Information Systems Manager) is good to have.