Vulnerability Risk management
Ref No.: 18-25935
Location: Indianapolis, Indiana
Position Type: Right to Hire
Start Date: 04/16/2018
 
SN Required Information: Details
1 Role: Vulnerability Risk management – Infrastructure & Web Application Security Role.
2 Required Technical Skill Set:
Vulnerability management identification, analysis, governance, risk and compliance.
Data, threat and risk analysis and mitigation.
IBM AppScan
Client Fortify
Burp Suite
Acunetix
Checkmarx
Networking & Telecommunication.
System administration (Windows, Linux, Unix, Mac OS X, iOS)
Databases (Oracle, SQL Server, MySQL)
Web servers (Apache, MS IIS)
Web application (.Net, Java, ColdFusion, PHP, Node.js, Ruby on Rails)
Authentication/Access controls (MS Active Directory/LDAP).
Analytical thinking & strong written and communication skills.
3 No of Requirements: 1
4 Desired Experience Range: 5+ years
5 Location: Indianapolis

Desired Competencies (Technical/Behavioral Competency)
Must-Have
Technical: Vulnerability management identification, analysis, governance, risk and compliance. Data, threat and risk analysis and mitigation.
Non-Technical: N/A
Good-to-Have: CISSP, CRISC, CEH, GIAC certification

SN Responsibility of / Expectations from the Role
1 Establish relationships with internal and external customers and partner with them to monitor and maintain security controls across corporate and business applications and devices.
2 Interact with customers or other stakeholders to aid in the resolution of vulnerabilities that have been identified.
3 Assist in defining and continually improving vulnerability risk management requirements for global IT support organizations.
4 Develop and/or improve processes related to vulnerability risk management. This includes working with various platform or application teams to ensure their portfolio includes VRM deliverables.
5 Collaborate with our team to conduct vulnerability assessment and monitoring services across applications and devices that are in scope of the services, including leading continuous improvement efforts over time in response to customer feedback and internal reviews.
6 Collaborate with business units to identify and implement VRM operational needs and assist with remediation coordination efforts.
7 Resolve technical issues escalated from the SOC as they relate to various components of the VRM services.
8 Technical SME for the VRM tools used to perform scans on global devices and applications.
9 Triage newly identified critical vulnerabilities and Zero-Day vulnerabilities, assess threat and impact information, manage escalation process for remediation based on risk.
10 Continuously improve the processes and procedures to include reporting exceptions for further review including escalation to the appropriate risk owners.
11 Coordinate with the threat intelligence team and SOC to drive key vulnerability initiatives.
12 Interact with stakeholders to develop and fine-tune the process of how metrics are calculated and communicated.
13 Provide written and oral communication as appropriate to the information security manager related to VRM quantitative metrics, reporting and analysis.
14 Follow departmental change management process to ensure appropriate implementation of metrics and reporting capabilities.
15 Lead services to integrate static and dynamic application security testing into the SDLC to ensure new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.
16 Lead services to integrate policy compliance scanning and vulnerability scanning solutions into device implementation processes.
17 Integrate internal business intelligence of high value assets into VRM tools.

Required Skills & Experience:
1 Tools:
IBM AppScan
Client Fortify
Burp Suite
Acunetix
Checkmarx
2 Comprehensive knowledge of application vulnerability management identification, analysis, metrics and reporting tools as well as processes enabling proper governance, risk and compliance.
3 Working knowledge of ITIL and experience working with IT services.
4 Strong written and communication skills. 5+ years of advanced experience with:
Data analysis and problem resolution. Must be able to integrate and correlate large amounts of data to identify complex patterns and trends.
5 Applying good risk-based judgement to complex problems.
6 Evaluation of threats and risk to business operations resulting in security solutions that appropriately balance cost and risk mitigation.
7 IT Infrastructure solutions such as Networking & Telecommunications, System Administration (Windows, Linux, UNIX, Mac OS X, iOS), Database (Oracle, SQL Server, MySQL), Web Servers (Apache, MS IIS), Web application (.Net, Java, ColdFusion, PHP, Node.js, Ruby on Rails) and authentication / access control technologies (MS Active Directory, LDAP).
8 Experience in assessing the risk of a proposed solution, escalating appropriately and driving to closure.
9 Ability to think analytically and to understand and communicate quantitative information.
Type Details of The Role (For Candidate Briefing)
Reporting To Which Role: Vulnerability and risk management
Size of the Team, if any Reporting to this Role: 1
On-site Opportunity: Yes
Unique Selling Proposition (USP) of The Role:
Details of The Project (A short Briefing on the Project may be attached with this document for candidate-briefing. It may be shared with external stakeholders like job-agencies etc.): Eli Lilly and Company, Indianapolis (Pharmaceuticals)