*Hi,* *This is Arvind, - Recruitment and Resources from SancroSoft USA Inc.*
We have an urgent requirement as follows: Please respond with resumes in MS-Word Format with the following details to *arv...@sancrosoftusa.com <arv...@sancrosoftusa.com>* Full Name : Location : Contact Number : Email : Availability : Visa Status : *Requirement Details* *Vulnerability Management Operations: Vulnerability Operations Analyst * Location : Weehawken-NJ Department : IT - Security Technologies *Position Purpose * This role is responsible for the operations for detecting security vulnerabilities present in platforms, infrastructure, networks and common production applications for the Client global enterprise. Working within the global Vulnerability Management team, this role involves the review and risk rating of security vulnerabilities pertinent to the Client infrastructure, operating the vulnerability management toolkit to detect vulnerabilities and security risks across the enterprise and driving and tracking the security remediation progress across various responsible teams globally. A key aspect of the role is the ongoing development and maintenance of reports and metrics to provide a visualization of the Bank's vulnerability management effectiveness and security position, and identify weaknesses in controls in order to drive change and improvements and measure the success of these change initiatives. This is a technical, hands-on role and the ideal candidate has experience working within a similar function in a large, distributed environment, with a strong understanding of and enthusiasm for technical security concepts, security threats and vulnerabilities. *Key Responsibilities / Duties: * · Identifying published vulnerabilities affecting Client and immediately understanding · the exposure of the Bank's assets · Risk rating applicable vulnerabilities and communicating risks to relevant · remediation streams · Operating vulnerability assessment tools, including network scanners and host- · based detection agents to provide continuous monitoring of the estate and · detection of vulnerabilities. This includes the liaison and management of 3rd party vendors who provide independent vulnerability assessments of the UBS perimeter · Ensuring an active assessment capability across all networks and infrastructure. · Continuing to monitor the effectiveness of this assessment capability and working · with engineering teams to improve the capability where necessary · Automation and scripting of common tasks to increase efficiency · The ongoing development of KPIs, reporting and metrics and communication as to · the state of vulnerabilities globally. · Continuous analysis of vulnerability and security data to identify trends and · weaknesses with patching effectiveness or a growing number of · vulnerabilities in a specific area. Communicating these reports and driving change and targeted improvements. Contributes to Security Technology initiatives and projects, such as involvement with the Security Operations Team, Threat Intelligence function and other teams Maintain strong working relationships with infrastructure teams and platform teams, communicates vulnerabilities, tracks remediation progress and influences process improvements Ensure compliance with relevant external requirements and internal policies and standards. Interacts with technology teams as required for the reporting of effective metrics and reports *Key Working Relationships: * Security Technology teams globally, including close interaction with the Security Operations Centre, Threat Intelligence Function and Security Engineering functions Application Security team Risk teams globally Infrastructure teams, such as networking and platform owners Vendors, suppliers and third parties Functional professional peers and workgroups. *Key Skills and Attributes: * *Essential * · 8+ years experience working in IT, with at least 5 years experience working within a technical security capacity, specifically a vulnerability management and/or security operations · space in a large distributed enterprise. It is expected that the candidate have a strong background in IT technical security, specifically the Vulnerability management space · A passion and enthusiasm for IT Security. Stays up to date with technology trends, and security threats and vulnerabilities · Excellent analytical skills, with the ability to breakdown complex problems into actionable steps without over-simplification · Ability to communicate security-related concepts to a broad-range of technical and non- technical staff in an intelligent, articulate and persuasive manner · Strong technical and collaboration skills, organizational and time management skills, communications (verbal and written) and interpersonal skills · A strong understanding and hands-on experience with enterprise vulnerability assessment technologies including enterprise agents and broad-based network scanners. · A strong understanding of OS hardening and techniques and OS-level vulnerabilities, specifically Windows and Unix systems · A good understanding of web technologies and web security hardening techniques, including Apache/Tomcat and IIS · A good understanding of infrastructure-level vulnerabilities, including Cisco devices and wireless technologies · An understanding of database vulnerabilities and configuration security issues · A broad knowledge of networking concepts, including subnets, firewalls, IDS, routing, switching. Should be able to analyse a network topology and draw conclusions around · security controls and weaknesses · Excellent SQL and reporting skills and an understanding and appreciation of KPIs and metrics and how they apply to a vulnerability management and security function. The ability to analyse complex sets of data, correlate and aggregate data and draw conclusions, identifying trends and patterns relevant to security control weaknesses and the tracking of vulnerability remediation progress. · Lateral thinking, passionate, innovative and creative. Has the ability to work under pressure on exciting projects Results oriented, ability to influence outcomes with a hands-on attitude *Desirable * · Highly desirable: experience within the Banking and finance sector. Ideally, having worked in a similar function in a global Bank. · Some development and scripting experience. Ability to automate tasks. · Security certifications including CISSP, SANS, etc · Experience with Mcafee vulnerability management toolkit, incl Foundstone, Policy Auditor, · Arcsight SIEM tool, IDS technologies such as Snort · Application security knowledge, e.g an understanding of OWASP concepts and principles Thanks & Regards *Arvind *Sr Recruiter The power of focus SancroSoft USA INC 4944 Sunrise Blvd, Suite B-4 || Fair Oaks, CA 95628 Phone : 916-671-5579 || Fax: 916-200-0305 E-Mail : arv...@sancrosoftusa.com || *www.sancrosoftusa.com* <http://www.sancrosoftusa.com/> We place professionals in contract, contract-to-hire and full-time employment positions across all IT and Engineering disciplines,* nationwide* The information contained in this email message is intended only for the personal and confidential use of the recipient(s) named above. The message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by email and delete the original message. -- You received this message because you are subscribed to the Google Groups "Open Source Erp & Crm" group. To unsubscribe from this group and stop receiving emails from it, send an email to open-source-erp-crm+unsubscr...@googlegroups.com. To post to this group, send email to open-source-erp-crm@googlegroups.com. Visit this group at http://groups.google.com/group/open-source-erp-crm. For more options, visit https://groups.google.com/d/optout.
