IT Security Lead (Vulnerability Management and PenTest)
Long term contract
We are looking for a Lead Security Analyst who is an expert in Vulnerability Management (VM) and PenTest and who can run the VM implementation end-to-end.
- Administers the reporting functions of security monitoring systems, assisting in the identification and creation of appropriate reports for delivery to management.
- Review all vulnerability scan results to identify all security risks and report on findings to appropriate partners.
- Responsible for researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
- Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
- Validate remediation by reviewing application updates or deployed mitigations to verify resolution.
- Build effective relationships with stakeholders who own and support applications, IT infrastructure, and operations.
- Evaluates new and emerging technology while making security recommendations to ensure the risk is controlled at an acceptable level.
- 6-7 years of deep experience with the vulnerability remediation process on Converged Infrastructure
- Expert level experience in Vulnerability Management systems and tools like QualysGuard
- Expert knowledge with information security methodology and tools such as access control, patching systems, zero-day threats, incident response and vulnerability management tools.
- Advanced Threat Defense
- Network security, Website security, Application security (SDLC), Server Security, Cyber Security, Internet security experience
- Two or more of the following certifications: Security+, SANS, CISA, ECSA. CEH or CISSP, CCNA, CCNP certification desired and a plus.
- Understanding of controls (e.g., access controls, auditing, authentication, encryption, integrity, physical security, and application security).
- Must be well versed in operating systems such as Linux and Windows, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring, TCP/IP networks and vulnerability and threat management tools (including network-based scanners).
- Experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems.
- Beneficial if experienced in Database Activity Monitoring Systems (DAM), and Web Application Firewalls (WAF).
Keywords: Qualys, Server, OS, Servers, CEH (Certified Ethical Hacker), Network, information security, access control, patching systems, zero-day threats, incident response and vulnerability management tools, IT Security Lead, Cyber Security Lead Engineer, IT Security Architect, IT Security Consultant
Please send your resume to firstname.lastname@example.org