Vulnerability Management Specialist
INETUM is an international IT services company, currently employing about 27,000 people Worldwide.
INETUM provides its clients with innovative, long-lasting industrial solutions to leverage performance from their information systems. We design and runs industrial platforms tailored to the economic and human considerations of its clients.
Management Consulting | Digital Transformation | Innovation
Operating over 26 countries,
2019 revenue of over 2.3 Billion Euros,
50 years of existence.
In order to support our forthcoming businesses and technological challenges, we seek innovative and agile people sharing our mind set.
We are now looking for a Vulnerability Management Specialist to join our team in Singapore.
Vulnerability Management Specialist
Data Security Services team in Singapore is responsible for day-to-day operational services on the infrastructure of Europe (mainly France and UK) and Asia remotely from Singapore. France infrastructure represents approximately 80% of the worldwide production activities of our client in Singapore.
Team works in Asia and Europe time zones and this role will be aligned primarily to France, UK and SGP working hours. Flexible rotations are allowed based on the nature of duties.
The operational support of the team covers the following technical scope:
- Vulnerability Management Service
- Endpoint Security technologies – Anti-virus management, Host Intrusion Prevention System etc.
- Data Leak Prevention systems, Encryption Solutions: Disk Encryption, File and Folder encryption, Database Audit Monitoring solutions
- Phishing Prevention solutions.
Main responsibilities for this Role
Vulnerability Management Specialist is an individual role within the Data Security Services team and will be responsible for operating the Vulnerability Management service. The individual is supported by platform teams for remediation actions.
Person will be responsible for following (but not limited to) responsibilities in day-to-day work:
- Focal point of contact for Vulnerability scanning, scheduling, configuration in tool and executing as per the schedule. Any failure of scans is to be investigated and schedule to re-run;
- Administration of Tenable Security Center tool and using its various features to enable and support the Vulnerability Management program of the bank;
- Conducts periodical discovery of IT Assets and ensures that identified assets are highlighted to CMDB owner for appropriate Asset tagging and onboards the new assets in Vulnerability Management tool;
- Assess the non-identified vulnerabilities and study & understand the risk profile, impact as per environmental context;
- Understand the false positives reported and the technical limitations of the environment and can declare and manage it within the Tenable tool;
- Facilitate the process of Risk Acceptance, wherever needed.
- The Person will be responsible to coordinating with various stakeholders for proposing, seeking and maintaining the approvals for such cases;
- Collaborate with Infrastructure teams- Windows, Unix, Networks etc. for the remediation of the identified vulnerabilities.
- Maintain the Vulnerability Dashboard for the scope and submits reports both of Technical teams and Management Reporting;
- Organize work in order to achieve compliance to established KPIs for Vulnerability Management and proactively work towards achieving the same. Maintain periodical reporting on the progress;
- Escalate- discuss and consult- as required to next levels and Management in timely manner;
- Participate in meetings with various stake holders as per the schedules;
- Liaise with different teams in different geographical zones;
- Propose, plan and execute Service improvements initiatives;
- Adhere to different policies set out by the organization;
- Prepare and provide different reports (weekly/monthly/ad-hoc) to the Manager as necessary;
- Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities;
- Keeping abreast of new threats and vulnerabilities and provide analysis as per applicability;
- Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer.
- Work schedule is mainly focused to support Asia and EMEA time zone.
- However, candidate may have to support outside of work-hours as per operational needs only if required.
- Flexible Shift schedule is followed:
- General shift 10 AM – 7 PM or 11 AM – 8 PM SGT
- Afternoon Shift: 12:00 Noon – 9 PM SGT (as per operations needs as required).
Qualifications and Profile
- 6 - 8 years of IT Security experience and 3-5 years of experience in running and coordinating the Vulnerability Management process for an enterprise.
- Should be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
- Professional Certifications (highly preferred)
- Certified Information Systems Security Professional (CISSP)
- GIAC Enterprise Vulnerability Assessor (GEVA), or any other Vulnerability
- Management Certifications
- CREST certification
- Tenable Certified Specialist
- Must have working experience in administrating and operating Tenable (Nessus) Security Center vulnerability management tool for a Large enterprise level environment;
- Working & hands-on experience in running Vulnerability Management process;
- Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, networks, database, and application servers.
- Ability to assess vulnerabilities and prioritize remediation planning;
- Experience in working collaboratively with cross-functional/transverse IT teams in Production setup (Operations) mode;
- Ability to apply Risk based approach while working on assigned responsibilities;
- Good understanding of Reporting needs at various levels of organization and ability to design, create and present the same;
- Hands-on experience of creating reports using various tools such as Excel, PowerPoint, Word in graphical formats, trending;
- Experience in working with any BI tools like Power BI etc. to prepare the dashboard;
- Working experience in financial organization is highly preferred;
- Excellent in analytical, communication and documentation skills;
- Ability to organize work and be able to priories work as per the Operation’s needs;
- Must have strong understanding of ITIL processes and comfortable working in process-oriented environment;
- Ability to work independently and as well as a part of team and can work under minimal supervision;
- Should have time management skills and able to manage work in fast moving environment;
- Excellent written and oral English language skills. Knowledge of French language is preferred.