Analyst Vulnerability Management

Req ID:455765 

We create smart innovations to meet the mobility challenges of today and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses and driverless trains, as well as infrastructure, signalling and digital mobility solutions. Joining us means joining a truly global community of more than 38 900 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.    

OVERALL PURPOSE OF THE ROLE:

The primary responsibility of the Threat and Vulnerability Management Analyst is to apply ethical hacking principles to safeguard organizations assets. The ideal candidate will enhance the security program by performing activities varied from Vulnerability assessment and management, Penetration testing, Source code review and implementation of Secure SDLC programs

RESPONSIBILITIES:

• Keep track of new and emerging threats and vulnerabilities, verify applicability in organizational context and initiate remediation activities as necessary
• Analyze assessment reports provided by vendors / 3rd parties and resolve them within defined SLAs
• Identify and remove false positives in assessment reports and challenge remediation teams when issues are highlighted for exception
• Develop remediation plans by partnering with Infra / Application owners. Provide guidance on patching, configuration settings and/or implementation of additional security controls to prevent vulnerabilities from being exploited
• Define the scope of assessment activities across both Internal and Partner organization
• Analyze threat intelligence reports across the internet. Identify gaps in the environment and suggest tools, technologies and processes to address them
• Design and deliver actionable Information Security dashboards
• Define and develop information security metrics program. Automate key metrics for real time reporting.
• Define KPIs and track the progress with both partners and internal teams
• Create awareness across the organization on the importance of following good security practices, Secure SDLC program and its benefits
• Holding regular meetings with partners and present periodic status reports and highlight key issues to senior leadership
• Provide advice on general security topics and participate in incident resolution disputes when necessary
• File and manage security exceptions for infrastructure, network and application related vulnerabilities
• Prioritize the vulnerabilities based on risk and drive it till closure using tools like Qualys, Skybox and Secops

TECHNICAL COMPETENCIES & EXPERIENCE 

• Bachelor’s/Master’s degree in Engineering/Technology or related field
• Minimum 6-8 years of relevant IT experience
• Professional industry standard certifications like CISSP, CEH, GPEN, OSCP, etc.
• Exposure to threat modelling, systems hardening and Secure SDLC program would be an added advantage
• Exposure to Application penetration testing and ethical hacking activities would be an added advantage
• Experience in red teaming assignments, manual security testing and source code analysis
• Ability to developing custom scripts on demand as required for vulnerability detection and response, reporting of results
• Thorough understanding of tools like Qualys, Veracode, Nessus, AppScan, Skybox
• In-depth Knowledge of TCPIP stack, OSI layer, Application Programming interfaces, Middleware and Mobile technologies
• Knowledge of Penetration testing methodologies; OWASP, OSSTMM, PCIDSS would be an beneficial
• Experience with CVSS and classification of vulnerabilities
• Ability to grasp new and emerging technologies and prepare business case for technology adoption
• Experience in creating processes in complex multivendor ecosystem
• Solid understanding of ITIL process framework
• Proven planning, prioritization, and organizational skills
• Ability to drive change through innovation & process improvement
• Professional & concise communication (written & verbal)
• Strong analytical skills with demonstrated problem solving ability

An agile, inclusive and responsible culture is the foundation of our company where diverse people are offered excellent opportunities to grow, learn and advance in their careers.  We are committed to encouraging our employees to reach their full potential, while valuing and respecting them as individuals.