Specialist - CyberSecurity

Role description

Vulnerabilitiy Project Manager

Year of experience 7-9 years

Role summary

1

Manage and supervise in ServiceNow the identification and qualification of Cyber vulnerabilities for INFRA

Validation of the correct compliance of vulnerability scans and reports

Qualification of the appropriates everity level versus Asset criticality CVS Setc and false positives in SNOW

Verification of correct assignment

Quality control of there mediation proposed by the CYBER teams

2

Ensure communication

With the IT owners and for critical and high vulnerabilities. The actionsplanmustbeexplainedandtherighttechnicalsupportshallbeprovidedsothattheremediationshappenonadulymannerandtime

With the other technical domains belonging to ITHIndian TechHub as well as with the other zones EuropeAmericaAsia and the business domains Operations Finance Retail Research Innovation Corporate

3

Improve the process

By attending biweekly meetings with the Cyber security teams aiming at improving the KPIs false positive identification remediation plan improvement

Key Responsibilities

The Cyber Service Delivery team is expanding to support the INFRASTRUCTURE teams in Cyber vulnerability remediation specifically for

Defining and implementing a common process across all zones and IT organizations

Verifying the quality level of scan results and vulnerability reports provided by the Cyber teams

Identifying false positives

Reviewing and qualifying vulnerabilities in SNOW ServiceNow

Conducting periodic meetings aimed at continuous improvement and automation

Communicating to the business the risks associated with vulnerabilities and the importance of an appropriate quantified and planned action plan

Training engineers within the LOral Beauty tech team in India

Monitoring Vulnerability activities through a dashboard

Drafting a monthly newsletter

Presenting topics related to INFRA vulnerabilities at the quarterly Operational Security Committee

Key Competency

Significant experience in conducting DR Disaster Recovery tests in a Cloud environment Azure AWS AlibabaCloud GCP etc would be a significant asset

Active and growing participation in SECOPS activities vulnerability monitoring noncompliance audit recommendations within a clearly defined scope zone and IT organization identified prior to the assignment

Active and growing participation in AUDIT PENTEST activities with a participation to the auditpentestpreparation as well as to the remediations plan definition and execution following the auditors recommandations

Certifications

CEH Certified Ethical Hacker

TCO TANIUM CERTIFIED OPERATOR

VMDR QUALYS Vulnerability Management

CCFR CrowdStrike Certified Falcon Responder

Skills

Mandatory Skills : Infra Vulnerability Management - Qualys
Good to Have Skills : EDR - CrowdStrike