NMS Consultant
Website:
nmsconsultant.com
Job details:
Job Summary :
The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities as well as proactively assessing their threat with regard to the company context. The team also provides comprehensive feedback and guidance on detected vulnerabilities to assist Security Officers and Application Managers with the remediation process.
This role takes a holistic approach to identifying newly published vulnerabilities and contextualizing them to the company environment as well as tracking potential external entry points to company systems and data.
The VOC VI & ASM Analyst is responsible for:
Vulnerability Intelligence (VI):
o Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploit, impact, …
o Communicate and publish an assessment on vulnerabilities related to software used in company scope
o Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset
exposure
o Update our software inventory on a regular basis in the scope of Vulnerability Assessment Service
o Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS, CVSS metrics, …
Attack Surface Management (ASM):
o Operate continuous monitoring of external assets via ASM Security tools
o Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges belonging to the company.
o Assess the severity of the findings and confirm their presence (review, challenge, FP assessment)
o Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners
o Build and use the external footprint to proactively identify new threats and new vulnerabilities
o Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities
BlackBox Pentesting:
o Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking
remediation to closure
o Active follow up with Application managers to onboard new application in the BlackBox
Pentesting service
Pentest launch
Contract follow-up
Tools follow up and maintenance
Vulnerability Management:
o Vulnerability review, recategorization, and false positive identification
o Proactive vulnerability testing and replay
o Pre-analyze and consolidate vulnerability data from various scanning tools
o Prepare concise syntheses of available vulnerabilities
o Offer guidance to the SO and CISO on vulnerabilities
o Collaborate with key stakeholders to develop strategies for vulnerability management
Scripting and automation:
o Automate data extraction and data push from VI and ASM tools to DataLake tools
o Build automation workflows to streamline vulnerability identification, assessment, and reporting
o Collaborate with the offensive and defensive teams to enhance vulnerability assessment and
testing
Skills
Bachelor's degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus
Proven experience (6+ years) working within the Cybersecurity field, with emphasis on security platforms implementation & administration
Experience in penetration testing actions (web application, infrastructure, …)
Experience with security scanning tools
Experience with VI and ASM tools
Experience in investigating newly published vulnerabilities and assessing their risks and severity
Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of Security processes is a plus
Experience with Pentester tools (Burp, SQLmap, Metasploit, Kali environment, …)
Strong technical skills with an interest in open-source intelligence investigations
Knowledge of the NIST CVE database, OWASP Top 10, and Microsoft security bulletins
Excellent writing skills in English and the ability to communicate complicated technical challenges in a business
language to a range of stakeholders.
Personal Skills :
Has a systematic, disciplined, and analytical approach to problem solving with Thorough leadership skills & experience
Excellent ability to think critically under pressure
Strong communication skills to convey technical concepts clearly to both technical and non-technical personnel stakeholders
Willingness to stay updated with evolving cyber threats, technologies, and industry trends
Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures
Click on Apply to know more.