
Aujas Cybersecurity
3 weeks ago
Role : VMS Track Lead - Cybersecurity
Location : Delhi
Experience : 7+ years in Cybersecurity, with 3 - 4 years in Vulnerability Management (VMS) and Penetration Testing (PT)
Qualification : BE/B.Tech/M.Tech/MSc/MCA or equivalent in Computer Science, Information Security, or related field
Preferred Certifications : CISP/CISSP, CCIE Security, CEH, GCFA, GCFE, LPT, OSCP, OSWE
Role Overview :
We are seeking an experienced and technically adept VMS Track Lead to head our Vulnerability Management & Penetration Testing operations. This leadership role requires deep expertise in threat assessment, vulnerability prioritization, security automation, and remediation coordination across enterprise systems, networks, and applications.
Key Responsibilities :
Vulnerability Management & Penetration Testing :
- Lead the enterprise-wide vulnerability management lifecycle from discovery to remediation.
- Perform application, infrastructure, and network security assessments across Windows, Linux, Unix, cloud, and containerized environments.
- Use tools such as Qualys, Nessus, Tenable.io, Rapid7, and OpenVAS for automated scanning and manual validation.
- Conduct penetration testing using Burp Suite, Metasploit, Nmap, Hydra, Nikto, and custom scripts.
- Ensure scanning coverage for on-premises, hybrid, and cloud deployments (AWS, Azure, GCP).
Vulnerability Prioritization & Risk Assessment :
- Correlate vulnerability findings with threat intelligence feeds, CVSS scoring, MITRE ATT&CK framework, and business criticality mapping.
- Define Service Level Agreements (SLAs) for remediation based on severity, exploitability, and impact.
Security Automation & Integration :
- Develop custom scripts (Python, Shell, PowerShell, Perl) to automate scanning, reporting, and remediation workflows.
- Integrate vulnerability data with SIEM/SOAR platforms such as Splunk, QRadar, Sentinel, and Cortex XSOAR.
- Create REST API integrations between vulnerability management tools and ticketing systems such as Jira and ServiceNow.
Stakeholder Collaboration :
- Work closely with Threat Intelligence, Incident Response, Security Architecture, and DevSecOps teams to strengthen proactive security measures.
- Partner with application owners, developers, and IT operations for secure coding, patching, and configuration hardening.
- Provide detailed reports and dashboards for executive management, compliance, and audit teams.
Governance, Risk, and Compliance (GRC) :
- Ensure processes align with ISO 27001, NIST CSF, PCI-DSS, GDPR, and local regulatory requirements.
- Maintain audit-ready documentation for internal and external assessments.
Team Leadership & Mentoring :
- Lead, coach, and upskill a team of security analysts and penetration testers.
- Drive process improvements, SOP standardization, and capability enhancements for the VMS function.
Skills & Technical Expertise Required :
Core Security Knowledge :
- In-depth understanding of the secure software development lifecycle (SDLC) and DevSecOps practices.
- Experience with SANS Top 25, OWASP Top 10, CWE, and CAPEC methodologies.
Scripting & Automation :
- Hands-on experience with Python, Bash, PowerShell, and Perl for automation and tool customization.
Tools & Platforms :
- Vulnerability Scanners : Qualys, Nessus, Tenable.io, Rapid7
- Penetration Testing : Burp Suite, Metasploit, Nmap, Nikto, Hydra
- Threat Intelligence : MISP, ThreatConnect, Recorded Future
- SIEM/SOAR : Splunk, QRadar, Cortex XSOAR, Microsoft Sentinel
Soft Skills :
- Strong leadership, problem-solving, and decision-making abilities.
- Excellent communication for technical and executive-level reporting. (ref:hirist.tech)