Technical Lead – Vulnerability Management

Pune Cerebrum

Apply now Apply later

What you will do:

The Johnson Controls Global Cyber Security (GCS) team is undergoing transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities to address the ever-changing cybersecurity threat landscape. 

The Sr. Vulnerability Analyst for Vulnerability Management will ensure the continuous identification and monitoring of vulnerabilities in the JCI Corporate infrastructure and websites and will support the IT department of Johnson Controls. The role will also identify and recommend methods and techniques to improve security posture and help establish a security culture across the various IT departments. Creates documentation and technical working instructions to support high-quality security operations, monitoring, and compliance in corporate environments. Supports achieving the vulnerability program objectives in the infrastructure, web application and compliance area. The candidate will also coordinate the improvement of current automation related to the vulnerability management area.  The successful candidate will need to be highly knowledgeable of the concepts of security vulnerability management and IT compliance hardening and have the technical skills and communication abilities to converse with IT engineers about security vulnerabilities and support remediation. The candidate will be able to articulate thoughts clearly, run operations, plan initiatives, and execute with appropriate urgency. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change agent..

How you will do it:

  • Coordinate and/or perform regular Infrastructural and Web Application vulnerability assessments;
  • Identify, and maintain the vulnerability management corporate platform in order to prompt identify weakness in the internal and external perimeter, including Cloud infrastructure;
  • Monitor the identified security vulnerabilities or missconfiguration and support the IT stakeholders for remediation;
  • Enforce VM processes and procedures to ensure also the right coverage and security of the Corporate Business Infrastructure and Web Applications;
  • Collaborate with GIS teams to develop or optmize automations used for vulnerability tracking and reporting;
  • Support to adopt Security best practices and security standards applied by the organization.

What we look for:

Required

  • Minimum 8 years working in Information Security and Security Operations area.
  • Knowledge of industry best practices in Vulnerability Management and Compliance areas; (e.g. NIST and “CVSS - Common Vulnerability Scoring System” frameworks)
  • Experience in management and configuration of vulnerability assessment platform (e.g Rapid7 Insight VM and AppSec, Nessus, Qualys VM and WAS, Burp Suite, ZAP)
  • Experience with administration of ITSM solutions used for vulnerability tracking and reporting (Service Now SecOps VM Module/Jira)
  • Experience with OWASP Top 10 assessment and methodology and CIS hardening standard;
  • Experience with various cloud providers (Azure, Google, Amazon) and knowledge on methodology how to secure them;
  • Experience on enforcement of VM operational Security process and procedures;
  • Experience with penetration test assessment, red/blue team activities and security monitoring;
  • Effective communication skills to interface with both internal and external stakeholders;
  • Self-starter mentality that defaults to action and thinks creatively on how to overcome challenges;
  • Good communicator, both verbally and in writing;
  • Highly motivated, adaptable and willing to learn new technologies.

Preferred

  • Bachelor’s degree in computer engineering, computer security or computer science discipline;
  • Previous technical background in IT or Software development roles;
  • Experience with Splunk SIEM Platform;
  • Experience with management of Service NOW SecOps Vulnerability Response module.

 

Desired Security certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP)
  • CompTIA Security+
  • Qualys Certified Specialist
  • Burp Suite Certified Practitioner

About Johnson Controls At Johnson Controls, we transform the environments where people live, work, learn and play. From optimizing building performance to improving safety and enhancing comfort, we drive the outcomes that matter most. Dedicated to protecting the environment, we deliver our promise in industries such as healthcare, education, data centers and manufacturing. With a global team of 100,000 experts in more than 150 countries and over 130 years of innovation, we are the power behind our customers’ mission.

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0
Category: Leadership Jobs

Tags: Application security Automation Azure Blue team Burp Suite CEH CISSP Cloud Compliance CompTIA Computer Science CVSS Jira Monitoring Nessus NIST Offensive security OSCP OWASP Qualys SecOps SIEM Splunk Vulnerabilities Vulnerability management

Perks/benefits: Team events

Region: Asia/Pacific
Country: India

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.