Vulnerability Management & Infrastructure Security Compliance Engineer

Vulnerability Management & Infrastructure Security Compliance Engineer

• 5+ years of experience in vulnerability management and infrastructure compliance monitoring.
• Experience with vulnerability management platforms (e.g., Tenable.io, Qualys VMDR, Rapid7 InsightVM) and Penetration Testing tools.
• Strong experience in monitoring vulnerabilities in Cloud environments, Containers, Kubernetes, security technologies.
• Experience in handling enterprise vulnerability assessment and management.
• Perform recurring and on-demand scanning of organization systems both on-premises and cloud environments.
• Analyze vulnerabilities and threats, determine their potential impact, and recommend strategies for risk prevention.
• Generate detailed reports on vulnerabilities, their impact, and the status of remediation efforts. Communicate findings to stakeholders and track remediation.
• Engage in vulnerability management program reviews and continuous improvement initiatives, providing input on enhancements to scanning and reporting processes.
• Providing expertise on vulnerability exploitation and mitigation.
• Develop and maintain vulnerability management documentation, including policies, procedures, and playbooks, including creating response plans for critical vulnerabilities.
• Improve existing vulnerability management systems and reporting and provide technical support for vulnerability management projects.
• Knowledge of vulnerability data management and reporting process automation.
• Perform compliance monitoring on Infrastructure estate including but not limited to Server based technologies, networking devices, Databases, Firewalls etc.
• Ensure compliance with relevant security standards, policies, and regulations.
• In-depth knowledge of information security best practices.
• Knowledge of OWASP tools and methodologies.
• Knowledge of technical concepts such as cloud computing, automation, networking.
• Familiar with regulatory & International security frameworks and its compliance.
• Certification such as CEH, CVA, CompTIA Security+, CISM, CISSP, Pen-Testing
• Knowledge of scripting languages such as Perl or Python
• In-depth knowledge of network protocols, operating systems, and common vulnerabilities.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Management and Manufacturing

Industries : Business Consulting and Services

#J-18808-Ljbffr