EWT Security | Vulnerability Management Analyst - AM
Gurgaon, Haryana, India
KPMG India
KPMG is a global network of professional firms providing Audit, Tax and Advisory services.The role involves supporting the end to end vulnerability management (VM) service. The vulnerability management service helps defend KPMG and its clients by ensuring scans of KPMG information assets are performed and pro-actively managing vulnerabilities in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives.
The Vulnerability Management Analyst will:
- Work collaboratively with internal stakeholders to perform risk based technical assessments on technical vulnerabilities;
- Provide vulnerability remediation prioritisation recommendations to internal stakeholders;
- Maintain good relationships with internal stakeholders and ensure customer satisfaction, by delivering quality service and escalation issues as necessary;
- Influence colleagues to drive vulnerability remediation in a collaborative manner to help achieve operational and strategic targets;
- Perform review of any exception requests related to technical vulnerabilities, providing recommendations and documenting findings and actions;
- Identify and drive vulnerability management service improvements, especially through the use of automation.
- Collate and analyse data from internal stakeholders on technical vulnerabilities to support any information requests from leadership and or KPMG clients;
- Support configuration and reporting requests within vulnerability management technology;
- Work with vulnerability management technology vendors to support any vulnerability management activities;
- Attend and support internal and external audits from a vulnerability management service perspective;
- Support investigations and resolutions of security problems to find a root cause and find a balanced outcome;
- Provide analysis on trends and proactively highlight issues and areas of concern;
- Maintain and update service documentation, such as process guides;
- Assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs).
- Provide advice to VM service owner on ways to improve control mechanisms, identify, evaluate, and mitigate risks,
- Input to development of vulnerability management standards and security policies;
- Work towards and achieve or extend professional certifications as part of personal development.
You must have:
- Minimum 1-2 years relevant experience in a similar vulnerability management analyst role;
- Understanding of the tooling associated with vulnerability management.
- Experience and knowledge in vulnerability management of applications and infrastructure within the Cloud, such as AWS and Azure;
- Experience and knowledge in vulnerability management of container or serverless platforms;
- Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services;
It would be advantageous if you can demonstrate some, or all of:
- Experience and knowledge of Google Cloud Platform;
- Experience and knowledge of web application vulnerability scanning
- Experience of Industry standard Vulnerability Management tooling such as such as Qualys, Tenable, Microsoft Defender ATP and ServiceNow; Experience of other industry leading Risk based vulnerability management tooling, such as Kenna Security or other security related vulnerability management platforms.
- Any security or vulnerability management product certification.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits Automation AWS Azure Cloud GCP KPIs Qualys Vulnerabilities Vulnerability management
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs