Vulnerability Management Analyst

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €29.8 Billion international wholesaler with operations in 31 countries through 661 stores & a team of 93,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow's standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

Website:

Company Size:

Headquarters: Pune, Maharashtra, India

Type: Privately Held

Inception:  2011

Responsibilities:

• Deep understanding of VAPT and its management platforms.
• Manage and maintain vulnerability scanning tools to identify security vulnerabilities in enterprise systems, networks, and applications.
• Refine scan results to identify and resolve any false positive findings and produce vulnerability reports with actionable and prioritized information for system owners.
• Perform risk-based prioritization of identified vulnerabilities. Collaborate with security analysts to conduct detailed assessments of critical vulnerabilities and develop mitigation strategy.
• Work with IT and cross-functional teams to develop and implement prioritized vulnerability remediation plans and timelines. Ensure timely patching or mitigation.
• Ensure that Metro's systems and applications are regularly updated with security patches to mitigate vulnerabilities and maintain a secure environment.
• Provide risk-based mitigation and remediation recommendations and guidance. Manage tracking and reporting on remediation progress to stakeholders and leadership.
• Stay updated on emerging threats and vulnerabilities through threat intelligence sources. Integrate threat intelligence into the vulnerability management process to address high-risk areas proactively.
• Develop baseline asset inventories and maintain owners for systems in the inventory.
• Define metrics and reporting to track program effectiveness and improvement. Develop and track key performance indicators (KPIs) for the vulnerability management program.
• Adapts quickly to changing priorities, seeks new ideas, and re-align with team's priority/roadmap to maximize business productivity.

Technical & Soft Skills:

• Strong Experience in coordinating vulnerability remediation activities in a larger corporate environment
• Hands-on experience and knowledge of vulnerability management technologies.
• Extensive knowledge of OS, Application, Middleware Vulnerability Management, Container Scanning, and Patch Management.
• Well-versed in penetration testing, vulnerability scanning, and red teaming methodologies and frameworks such as OWASP Top 10 and CWE 25.
• In-depth Understanding of technical information security concepts related to threat landscapes.
• Strong understanding of network protocols, operating systems, and security technologies.
• Experience in improving vulnerability prioritization models.
• Ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.
• Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills.
• Very high attention to detail, with strong skills in managing/presenting data and information.
• Excellent communication, collaboration, and interpersonal skills
• Capable of working collaboratively in a team environment and with the ability to work in an hybrid work environment, offering support to team members remotely along with able to work as part of a geographically separated team.

Willingness to learn additional technologies, not focused on a single technology/application.

Qualifications:

• Bachelor's degree in computer science, Information security, or in a related field. Relevant Cyber Security certifications (e.g. CompTIA PenTest+, C|PENT, OSCP, CPT, CCPT) are a plus.
• 2 - 4 years of total experience in Cybersecurity in a large multi-national organization or in a known MSSP. The candidate should have minimum 1+ years of experience in Infrastructure Vulnerability Management.