Responsibilities
As an operational risk officer, you will support the SOC team in their daily activity and administrating Operational Security Processes. You will be asked to identify improvements in current processes and formalize it through clear documentation.
Among the ongoing administration of Processes, your main responsibilities will be to manage the vulnerability scan process. The process is based on Qualys Tools.
As an operational risk officer, you will support the SOC team in their daily activity and administrating Operational Security Processes. You will be asked to identify improvements in current processes and formalize it through clear documentation.
Among the ongoing administration of Processes, your main responsibilities will be to manage the vulnerability scan process. The process is based on Qualys Tools.
- Responsible for understanding, reviewing, and interpreting assessment and scanning results, reducing false positive findings, and acting as a trusted security advisor to the client.
- Identify and prioritize all vulnerabilities in client environments and provide timely vulnerability assessment reports to key stakeholders
- Develop and report enterprise-level metrics for vulnerabilities and remediation progress
- User requests administration: manage users request on the platforms. Add Hosts, Assets Groups, create scan, report or Dashboard (using the standard and process delivered by SOC SG). Including Emergency stop of scan.
- Manage Vulnerability Scan for GTS: Manage the Change management process to request a scan on GTS infrastructure. Manage the change creation, the achievement of the change process following by the job creation on Qualys platform.
- Present Vulnerability Assessment Scanning and guidance, False Positive Validation, Compliance Scanning and, scan profile and policy creation.
- Analysis of vulnerability: based on group standards, manage the alerting on critical vulnerability found by a vulnerability scan and follow the mitigation with remediation teams
- Ability to identify false positives
- Knowledge of vulnerability management frameworks and concepts such as CVE, and CVSS scoring systems and attacking vectors
- Dashboard: generate monthly and quarterly reports and dashboards.
- Manage Internal Qualys infrastructure: survey the status of Qualys appliances and manage the RMA process and deployment of new appliances.
- Implement automated, proactive security measures
- Security process improvement
- Hands on Qualys modules – Vulnerability Management, Policy Compliance, Web Application Scanning, Cloud Agent, Asset View
Source link
