WW-IN-Security-ID388-Sr End-Point Vulnerability Engineer -JL08
IDP01 - DGS-Campus Ph1
DXC Technology
DXC Technology helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds.
Job Description:
Essential Job Functions:
- Possess knowledge of various technologies and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
- Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP) strongly desired.
- Industry certification in IT & cyber security domains is a strong advantage (PCI-DSS, CEH, OSCP or a similar industry certification like CISM, CISP will be an added advantage).
- You are passionate about vulnerability management and have extensive knowledge/experience of how Qualys works, operates, and is maintained in an enterprise context.
- We expect you to be supportive of your team members, share knowledge and contribute to a positive team dynamic
- You will be working in an agile context meaning planning and delivery is done in iterations and all team members are expected to contribute to the full life cycle of the products.
- Together with the team you will ensure that our solutions meet clients' needs and stakeholders' expectations.
- Perform platform and application vulnerability assessment, secure source code review and security baseline configuration review using a variety of industry-leading tools.
- Able to prioritize risks and drive remediation by outlining and providing advice and solutions to technology owners on effective security controls and countermeasures.
- Provide information security solutions as per PCI DSS / customer requirements.
- Manage the overall patch management team, track and reduce vulnerabilities as per customer requirements, and manage SLA requirements for a couple of accounts.
- Working with technical as well as end users to understand business requirements and identify data solutions.
- Ability to manage and adhere to customer IT compliance and security.
- Conduct risk assessments for IT infrastructure.
- Track and validate remediation of security vulnerabilities.
- Stay abreast of new security vulnerabilities and the latest advancements in configuration compliance assessments from internal or external threat intelligence sources and CERT teams.
- Prepare key risk indicators and metrics reporting to senior management team.
- Report and articulate vulnerability assessment results and risk impact to key stakeholders.
Typical everyday tasks:
- Attend team meetings.
- Support more junior colleagues.
- Independently work on improving services / products.
- Collaborate with Product Management function and stakeholders on potential new products and/or development of existing products.
- Support backlog refinements and planning.
We believe you have a profile that maps to the following behaviors/skills:
- Has extensive knowledge/experience of how Qualys works, operates, is maintained and how to fully utilize Qualys in an enterprise organisation.
- Understand how Qualys operates in a modern digital ecosystem, with the ability to utilize the tool fully in a network environment consisting of a segmented on-prem network and multiple cloud environments.
- Understand which dependencies are relevant to consider when implementing and operating Qualys. For example, you have experience with and understand how to make the most of Asset Management Data in an End-Point Vulnerability context.
- Represents the technical expertise available to Product Management: Product Management points out the needs of the organization, and the Engineering community supports on how to reach that goal.
- You know how to work closely with Product Management and actively support the development of new/updated product concepts. This includes but is not limited to:
  - The ability to see how we can leverage existing and new features in Qualys in a way that maximizes value.
  - Build POCs and help evaluate feasibility of product concepts.
  - The ability to understand and manage dependencies and risks related to product concepts.
  - The ability to understand how we use technology to meet customer needs and expectations.
  - In collaboration with Product Management, engage with stakeholders and capture/understand needs.
- Represents a technical leader in the team who can guide and support more junior profiles, both in expanding the services and in best practices for operations/maintenance.
- Will also act as a technical leader in dialogue with stakeholders.
- Can support the teams with Agile events such as dailies, planning events, retrospectives etc.
- Participates in dialogue with Qualys as a supplier to impact roadmap and stay up to date with coming changes.
- Participates in dialogue with representatives from teams flagged as dependencies.
- Can support the team with defining and managing relevant delivery related metrics and make use of the information to support the continuous improvement and learning of the team.
- Support stakeholders in how to utilize endpoint services
- Build stakeholder relationships and engagements
Basic Qualifications
- Bachelor's degree or equivalent combination of education and experience
- Bachelor's degree in computer science or related field preferred
- CISSP certification preferred
- Three or more years of computer science, management information systems, or data security experience
- Experience working with information and network security practices
- Experience working with computer programming
- Experience working with computer desktop packages such as Microsoft Word, Excel, etc.
- Experience working with operating systems
- Experience working with security software packages
- Experience working with security architecture
Other Qualifications
- Analytical and problem-solving skills for resolving security issues
- Interpersonal skills to interact with customers and team members
- Communication skills to interact with team members and support personnel
- Ability to work with relational databases
- Ability to work in a team environment
Work Environment
- Office environment.
- Rotational shift.
- May require weekend work
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.
Perks/benefits: Career development Team events