Threat & Vulnerability Management

Role Summary

The Threat & Vulnerability Management team is responsible for protecting critical Cognizant Infrastructure from Security Vulnerabilities by tracking the remediation activities with asset owners and ensuring that appropriate mitigation is in place.



This role will closely work with various teams responsible for mitigating the identified vulnerabilities with due concurrence of the respective business owners and stakeholders.

Responsibilities

Activities include, but are not limited to the following:

Have a broad understanding of the current cyber security landscape, with a background in vulnerability management

Must have hands on experience of security scanning tools and techniques; Ability to identify false positives manually is a plus

Experience in analysis of vulnerability results and recommending corrective action

Ability to investigate on latest security related vulnerabilities to ensure infrastructure security posture is strong

Facilitate and coordinate vulnerability assessment, reviews of assessment results, patching, and remediation activities related to BU OS, Middleware, Servers, Storage, Databases, Appliances, Web Applications and Network Devices

Collaborate on Information Security policies, standards, and baselines and contribute efforts to measure compliance

Ability to define and report vulnerability metrics to drive remediation trends

Report on findings and advise stakeholders in remediation activities as required

Document all processes and procedures in accordance with Cognizant's Reporting Standards

Understand the Scope of Work for the engagement and perform the duties and tasks required by those agreements in an organized, professional manner

Ability to solve complex technical problems and articulate to non-IT personnel

Research and develop testing tools, techniques, and process improvements

Strong understanding of various networking, servers and web technologies and testing methodologies

Experience with cloud hosted environments is a plus

Knowledge of any one or more Scripting Languages such as Perl, Python, Ruby etc
is a plus

Demonstrates an ability to methodically analyze problems, identify solutions, and communicate to a non-technical audience

Exhibits good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.

Self-motivated and able to work both independently and with a team.

Tool Knowledge

The candidate must possess knowledge of industry-recognized security tools including the following:

NMAP

Acunetix

Burp

Qualys Guard VA

Qualys Cloud Agent

Sys Internal Tools

Tenable Nessus

Microsoft SCCM

Tanium

Education and Experience Requirements:

Candidate must have sufficient information security knowledge and experience to conduct technically complex Security Assessments.

He or She must have a Bachelor's degree in Computer Science, Cyber Security or the equivalent from a recognized university

He or she must have around 6 to 7 years of relevant information security experience with proof of work experience and Security Certifications.

Possess industry-recognized security certification(s) including one or more of the following:

o Certified Ethical Hacker (CEH)

o EC-Council Certified Security Analyst (ECSA)

o Licensed Penetration Tester (LPT)