CSW Discovers its 50th Zero Day!

VMaaS Engineer

Education : Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience

Experience : 2 - 4 Years

Location : Chennai

No of Positions : -

Role


The Information Security Engineer on the Cybersecurity Vulnerability Assessment Services
(CVAS) team within Enterprise Security is primarily responsible for identifying, establishing,
enhancing, and performing operational functions of vulnerability management. Operational
functions include establishing and maintaining scanning capabilities, identifying
vulnerabilities through scanning capabilities, and providing remediation oversight of
vulnerabilities on CSW Client’s servers, databases, applications, network elements, and
other systems. The engineer is responsible to assist with realizing strategic security
initiatives to improve the team capabilities associated with vulnerability management and
vulnerability scanning methodology. 
The engineer must possess general knowledge of cybersecurity threats, vulnerabilities, and
technologies. The engineer must possess broad knowledge of Information Security and
Information Technology (IT) systems as well as a reasonable understanding of all disciplines
of networking, programming, application development, and system administration. The
engineer must have effective oral and written communication skills to provide remediation
oversight of vulnerabilities, document team procedures, and processes, and assist with
documents intended for executive review and approvals. The engineer must be able to work
independently, as well as collaboratively with others, to foster consulting relationships with
internal partners.

Responsibilities

  • Perform operational support of vulnerability management systems and applications
    that the CVAS team is responsible to maintain and define documented procedures
    and processes.

  •  Coordinate and lead routine vulnerability scanning and remediation oversight on
    CSW client’s systems as required for compliance of Payment Card Industry Data
    Security Standard (PCI DSS), Cybersecurity Maturity Model Certification (CMMC), and
    other industry compliance standards as necessary.

  • Contribute to realizing strategic security initiatives to improve vulnerability
    management and vulnerability scanning capabilities through automation
    development, processes enhancements, and infrastructure expansion.

  • Identify deficiencies within vulnerability management and vulnerability scanning
    tools, procedures, and processes and provide recommendations for improvement
    and automation.

  • Create reports and generate vulnerability metrics for executive management levels
    to utilize in making informed business decisions that impact the security of CSW
    Client’s and its customers.

  • Identify vulnerabilities on CSW Client’s systems through vulnerability scanning for
    CSW Client’s infrastructures, products, and services encompassing network
    elements, operating systems, databases, and applications across the corporate
    enterprise.

  • Perform active cyber defense activity and threat hunting by proactively and iteratively
    searching through networks to detect and isolate advanced threats that evade
    existing security solutions and zero-day vulnerabilities specific to the CSW client’s
    infrastructure.

  • Contribute to developing, facilitating, and maintaining the Information Security Policy,
    Methods; Procedures, Technical Standards, Technical Best Practices, and general
    processes for vulnerability management.

  • Represent Corporate Security as a Subject Matter Expert (SME) regarding CSW
    Client’s vulnerability scanning capabilities and methodologies.

  • Oversee the response to High severity vulnerabilities that impact CSW Client’s
    systems by analyzing the vulnerabilities, identifying systems impacted, and
    collaborating with system owners to communicate the risk of vulnerabilities,
    establish remediation priority, and validate remediation efforts.

  • Instill a security culture company-wide through vulnerability awareness and
    remediation mindset.

What We Look For in a Candidate

  • Undergraduate degree in Information Security, Computer Science, Computer
    Engineering, or related field, or equivalent experience.

  • 2+ years experience in Information Security.

  • Experience utilizing multiple vulnerability scanning tools and platforms.

  • Knowledge of current and emerging cybersecurity threats, vulnerabilities, and
    technologies.

  • Awareness of NIST Vulnerability Database pertaining to vulnerability severity ratings.

  • General understanding of common networking protocols.

  • General understanding and experience of UNIX derivative operating system
    distributions as well as various Windows operating systems.

  • Effective oral and written communication skills and comfort with presenting
    technical issues to all levels of management, as well as non-technical staff.

  • General understating on API integration concepts.

Preferred Qualifications:

  • Applied experience performing vulnerability scanning and vulnerability management
    functions for medium to large enterprises encompassing network
    elements/protocols, operating systems, databases, and applications including
    systems in scope for a compliance standard.
  • Applied experience with OWASP Top 10, SANS Top 20, and NIST Vulnerability
    Database.
  • Strong problem-solving skills to adapt to client environment and provide support.
  • Basic knowledge of programming languages such as Python, C#, GoLand, or UNIX
    Shell, API programming.
  • Strong understanding of network architecture and switching/routing
    implementation as it relates to scanner placement.
  • Awareness of information security industry and regulatory obligations (PCI, FISMA,
    HIPAA, ISO 27001/27002, NIST Framework, CMMC) pertaining to vulnerability
    management.