Professional 2 Information Security - Bangalore, India - DXC Technology

    Full time
    Description

    Job Description:

    Job Description – Vulnerability Management/App Sec Specialist

    The VM/App Sec specialist is responsible for the ongoing support and service maturity of the VM program. Must have experience as a Qualys/Python developer and in running operations, including the following within the platform and the VM/AppSec service.

    · Vulnerability Management Lifecycle Management

    · Policy Compliance

    · Patch Management

    · Web Application Scan

    · Certificate Management

    · Python Expert

    · Qualys API Exposure

    · External Attack Surface Management

    · Container Security (DevSecOps Exposure)

    · Cloud Security (AWS/Azure/GCP) Automation with JSON query language

    What You Will Do

    o Architect and deploy Vulnerability Management tools and related technologies.

    o VM (Qualys/Nessus/Rapid7) system management and troubleshooting. Threat and vulnerability analysis.

    o Manage Qualys/Nessus/Rapid7 day-to-day administration.

    o Integrate data feeds (asset vulnerabilities) into other tools.

    o Develop correlation rules as per security use cases.

    o Generate required reports and dashboards. (PowerBI)

    o Troubleshoot issues and tune the Qualys/Nessus/Rapid7 solution for optimal performance.

    o Run queries on backend data for security analytics for PowerBI integration and create automation scripts using Python.

    o Apt knowledge of certificate management and web apps management within Qualys/Nessus.

    o Prioritize vulnerability remediation and follow-ups to ensure compliance, based on the CVSS (Common Vulnerability Scoring System) report shared with you by the Global team.

    o Must have knowledge of CI/CD pipeline security management and be well versed in registry scans in Artifactory and Cloud environments.

    Technical Skillset:

    o Strong knowledge of architecting, deploying, and administering Qualys/Nessus/Rapid7 or similar VM technology.

    o Good experience in implementing various use cases for security compliance hardening.

    o Scan system devices for vulnerabilities according to compliance policies – Nessus/Qualys Guard.

    o Strong working knowledge of relevant OS, Database, and networking.

    o Good scripting knowledge in PowerShell, Shell scripting, and Python, used for automating tasks.

    o Should have working knowledge of Active Directory/ DNS/ DHCP.

    o Knowledge of security tools like firewalls, IDSs, Web content filtering and content filtering solutions, e.g. Cisco, Checkpoint, Juniper SSL VPN, Proxy, IPS/IDS.

    o Experience in Information security monitoring using SIEM/Vulnerability Management tools.

    o Log sources configuration, rules & Dashboard creation.

    o Vulnerabilities/Threat detection and management.

    o Troubleshooting skills on Linux, Windows etc.

    o Cloud Exposure (AWS/Azure)

    o Jenkins/Bamboo DevOps Security Integration Exposure

    o External Attack Surface Exposure

    Tool knowhow: Mandatory

    Qualys/Nessus/Rapid7

    Good to know.

    Working knowledge of security tools like firewalls, IDSs, Web content filtering and content filtering solutions, e.g. Cisco, Checkpoint, Juniper SSL VPN, Proxy, IPS/IDS.

    · Assigns security incidents that cannot be directly resolved to the responsible team with the appropriate access and authority.

    · Corrects errors causing security incidents and records action taken to resolve/correct the situation, often involving complex technical and security issues.

    Certifications

    · Qualys Certified Specialist VM, PC, WAS

    · Good to have any Security certification.

    Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.