Role Summary
The Threat & Vulnerability Management team is responsible for protecting critical Cognizant Infrastructure from Security Vulnerabilities by tracking the remediation activities with asset owners and ensuring that appropriate mitigation is in place.
This role will closely work with various teams responsible for mitigating the identified vulnerabilities with due concurrence of the respective business owners and stakeholders.
Responsibilities
Activities include, but are not limited to the following:
Have a broad understanding of the current cyber security landscape, with a background in vulnerability management
Must have hands on experience of security scanning tools and techniques; Ability to identify false positives manually is a plus
Experience in analysis of vulnerability results and recommending corrective action
Ability to investigate on latest security related vulnerabilities to ensure infrastructure security posture is strong
Facilitate and coordinate vulnerability assessment, reviews of assessment results, patching, and remediation activities related to BU OS, Middleware, Servers, Storage, Databases, Appliances, Web Applications and Network Devices
Collaborate on Information Security policies, standards, and baselines and contribute efforts to measure compliance
Ability to define and report vulnerability metrics to drive remediation trends
Report on findings and advise stakeholders in remediation activities as required
Document all processes and procedures in accordance with Cognizant's Reporting Standards
Understand the Scope of Work for the engagement and perform the duties and tasks required by those agreements in an organized, professional manner
Ability to solve complex technical problems and articulate to non-IT personnel
Research and develop testing tools, techniques, and process improvements
Strong understanding of various networking, servers and web technologies and testing methodologies
Experience with cloud hosted environments is a plus
Knowledge of any one or more Scripting Languages such as Perl, Python, Ruby etc
is a plus
Demonstrates an ability to methodically analyze problems, identify solutions, and communicate to a non-technical audience
Exhibits good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.
Self-motivated and able to work both independently and with a team.
Tool Knowledge
The candidate must possess knowledge of industry-recognized security tools including the following:
NMAP
Acunetix
Burp
Qualys Guard VA
Qualys Cloud Agent
Sys Internal Tools
Tenable Nessus
Microsoft SCCM
Tanium
Education and Experience Requirements:
Candidate must have sufficient information security knowledge and experience to conduct technically complex Security Assessments.
He or She must have a Bachelor's degree in Computer Science, Cyber Security or the equivalent from a recognized university
He or she must have around 6 to 7 years of relevant information security experience with proof of work experience and Security Certifications.
Possess industry-recognized security certification(s) including one or more of the following:
o Certified Ethical Hacker (CEH)
o EC-Council Certified Security Analyst (ECSA)
o Licensed Penetration Tester (LPT)
