Key Responsibilities:

Coordinate with GRC teams to ensure security controls related to vulnerability and configuration management are implemented and monitored effectively.
Develop and maintain policy and process documentation to support audit readiness and regulatory inspections.
Support internal and external audits by providing evidence of VA/CA processes, results, and risk treatment plans.
Track and document remediation activities related to audit and compliance findings.
Ensure VA and CA programs align with organizational compliance requirements (ISO 27001, PCI-DSS, NIST, etc.).

Required Experience:

7+ years of experience required
Proficiency in VA tools (Qualys, Tenable, Nessus, Rapid7).
Hands-on with container security scanning tools (e.g., Trivy, Aqua, Sysdig Secure).
In-depth knowledge of Docker, Kubernetes, container lifecycle, and orchestration security.
Solid understanding of configuration assessment tools (e.g., CIS-CAT, SCAP).
Strong grasp of OS internals (Linux, Windows), networking, and cloud platforms (AWS/Azure/GCP).
Familiarity with DevSecOps concepts and CI/CD integration.
Good scripting knowledge (Python, Bash, or PowerShell).
Excellent analytical, documentation, and presentation skills.
BE/BTech
Preferred certifications: CEH, OSCP, CISSP, Kubernetes Security Specialist (CKS), or CompTIA Security+.

VAPT