[Hiring] DIGITAL SECURITY - SOC Services @Zensar

Role Description

As a Vulnerability Management Specialist, you will support the SOC team in their daily activities and administrating Operational Security Processes. You will be asked to identify improvements in current processes and formalize them through clear documentation.

• Perform global infra vulnerability scanning along with change management process.
• Help system administrators to deploy and troubleshoot Qualys agent on different operating systems (Windows, Linux, AIX, etc).
• Analyze scan results and deploy Qualys appliances (virtual and physical) to enhance scan coverage.
• Responsible for understanding, reviewing, and interpreting assessment and scanning results, reducing false positive findings, and acting as a trusted security advisor to the client.
• Identify and prioritize all vulnerabilities in client environments and provide timely vulnerability assessment reports to key stakeholders.
• Develop and report enterprise-level metrics for vulnerabilities and remediation progress.
• User requests administration: manage user requests on the platforms. Add Hosts, Assets Groups, create scan, report or Dashboard (using the standard and process delivered by SOC SG), including Emergency stop of scan.
• Manage Vulnerability Scan for GTS: Manage the Change management process to request a scan on GTS infrastructure. Manage the change creation, the achievement of the change process followed by the job creation on Qualys platform.
• Present Vulnerability Assessment Scanning and guidance, False Positive Validation, Compliance Scanning, and scan profile and policy creation.
• Analysis of vulnerability: based on group standards, manage the alerting on critical vulnerabilities found by a vulnerability scan and follow the mitigation with remediation teams.
• Ability to identify false positives.
• Knowledge of vulnerability management frameworks and concepts such as CVE, CVSS scoring systems, and attacking vectors.
• Dashboard: generate monthly and quarterly reports and dashboards.
• Understanding of Qualys tags.
• Manage Internal Qualys infrastructure: survey the status of Qualys appliances and manage the RMA process and deployment of new appliances.
• Implement automated, proactive security measures.
• Hands-on Qualys modules Vulnerability Management, Security Configuration Assessment (SCA)/Policy Compliance, Container Security, Cloud Agent, Cloud security.
• Knowledge and experience in Terraform, Python, and any scripting is required.

Qualifications

• End-to-end understanding of Vulnerability management (scanning, remediation follow-up, false positive verification).
• Conduct Network and System Vulnerability assessments and documentation of corrective/remediation actions.
• Drive the end-to-end vulnerability lifecycle from discovery to closure.
• Identify internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer's information assets.
• Identify and prioritize all vulnerabilities in client environments and provide timely vulnerability assessment reports to key stakeholders.
• Ensure timely follow-up with patch management and vulnerability remediation in coordination with Countermeasures personnel.
• Good knowledge in the Qualys Vulnerability assessment tool & Management.
• Complete certification in Qualys Guard: Qualys VMDR, Qualys Cloud Agent, Qualys Policy Compliance, Qualys CSAM, EC-Council CEH.

Benefits

• Inclusive workplace culture.
• Opportunities for growth and learning.
• Commitment to well-being and individual celebration.