Para estar informado sobre nuestras oportunidades de empleo:
    Únete a nuestra Red de Talentos

    Vulnerability Management Analyst

    Mumbai, Maharashtra, India

    Vulnerability Management Analyst

    • 202407460
    • Mumbai, Maharashtra, India
    • Closing on: Dec 3 2024

    Description

    Job Title:

    Vulnerability Management Analyst 

    Summary of Role :

    As a Vulnerability Management Analyst at WTW, you will work as part of the Vulnerability Management team, supporting WTW's Vulnerability Management lifecycle to ensure that vulnerability related risks are managed effectively and in a timely manner. 

    Reporting directly to the Head of Vulnerability Management, you will collaborate closely with both the Cyber Offensive and Defensive teams to ensure the identified gaps in cyber security maturity are addressed. Your work will involve close coordination with other areas of Offensive and Defensive security, acting as a Vulnerability Management SME supporting these teams as well as engaging with the wider business.

    As well as supporting regular BAU activities, such as ensuring the smooth operation of scanning, reporting, prioritization, remediation tracking as well as communicating with the business, the VM Analyst will have opportunities to work on various projects to constantly improve the VM function, as well as building expertise in different areas to support the team. Regular training, staying on top of industry trends and understanding their implications will be critical in keeping WTW resilient against evolving threats. 

    The Role:

    • Expertise in Scanning/CMDB Tools: Develop/enhance expertise in WTW scanning tools (and supporting tools) and support scanning, reporting and data verification activities, to ensure high quality and accurate data for the business and stakeholders
    • Tracking Vulnerability Remediation: Attending or leading remediation calls with different areas of the business in order to track and drive vulnerability remediation efforts, escalating where necessary
    • Supporting internal projects: Support existing and upcoming internal projects, to enhance WTW’s ability to identify, prioritize and respond to vulnerabilities of varying risk within different areas of the business
    • Collaboration with Business/Teams/Stakeholders: Work alongside senior members of both offensive (Red Team, Security Testing Team) and defensive teams. Help ensure that findings from vulnerability scans are communicated clearly to the business and any identified gaps are tracked and addressed
    • Explore Emerging Technologies: Stay informed on the latest vulnerabilities and attack techniques in order to bolster WTW’s vulnerability remediation efforts
    • Support BAU Processes: Work as an integral part of the team in order to support the WTW vulnerability management lifecycle, built into the company’s corporate controls.
    • Report Findings and Metrics: Assist in ensuring vulnerability remediation reports are accurate and fit for purpose, as well as working to ensure that monthly metrics that are provided to stakeholders is accurate, effective and timely 
    • Continuous Learning: Take advantage of training opportunities available within WTW, as well as self-learning to remain abreast of emerging vulnerability related threats as well as vulnerability related technical details
    • Assist with Audits – Assist with both internal and external audits where required

    The Requirements:

    Technical Requirements:

    • Familiarity with Vulnerability Scanning Tools – Overall familiarity with popular vulnerability scanning tools and how they work to identify vulnerabilities
    • Understanding of Web, Network and Cloud Technologies – A good basic understanding of web and network architecture, as well as traffic at different OSI layers and cloud architecture
    • Vulnerability Patching/Remediation – A good understanding of how vulnerability patches and other vulnerability remediation methods work, as well as reasons why patches may not be available, such as End of Life or unsupported products due to update mechanisms etc
    • Attention to Detail – Ability to analyse large volumes of sometimes complex vulnerability data using PowerBi and Excel spreadsheets, while ensuring that data is complete and accurate
    • Exposure to Offensive and Defensive Security: Some basic hands-on experience or academic exposure to both offensive and defensive security practices, with a focus on building knowledge in cyber operations.
    • Collaboration Skills: Ability to work alongside more senior Cyber Security Operations team members, helping to support improvements in processes and technology controls.
    • Awareness of Regulatory Requirements: A basic understanding of regulatory requirements such as DORA, related to cybersecurity, with an interest in learning how these impact technical controls and processes
    • Basic Scripting Knowledge - Some basic knowledge of scripting would be desirable, such as Powershell, KQL, Python etc

    Additionally, the following are desirable but not essential:

    • Educational Background: A degree or coursework in Information Technology, Cybersecurity, or a related field.
    • Certifications: Relevant cybersecurity certifications (such as CompTIA Security+, CEH, MS Azure, CISSP etc) are desirable.
    • Interest in Leadership: A willingness to develop leadership and team collaboration skills over time.
     

    Non-Technical Skills:

    • Stakeholder Engagement: Ability to communicate effectively with both technical and non-technical team members, with a focus on learning how to build strong working relationships.
    • Communication Skills: Strong verbal and written communication skills, with the ability to articulate technical issues clearly to diverse audiences.
    • Team Collaboration: A proven ability to work collaboratively in a team setting, with an eagerness to contribute to a supportive and inclusive work environment.
    • Problem-Solving Abilities: An interest in developing problem-solving skills, with a commitment to helping resolve issues and continuously improving the security framework.

     

    Qualifications

    A degree or coursework in Information Technology, Cybersecurity, or a related field.

    Apply Now

    ¿No tú?

    Gracias

    Contacto no solicitado

    Todos los CV/perfiles de candidatos no solicitados que se presenten a través de nuestro sitio web o de cuentas de correo electrónico personales de empleados de Willis Towers Watson se consideran propiedad de Willis Towers Watson y no pagarán honorarios de agencia. Para poder ser una agencia/compañía de búsqueda de personal para Willis Towers Watson, dicha agencia debe contar con un acuerdo formal existente y por escrito firmado por un agente de selección de personal de Willis Towers Watson y una relación laboral activa con la organización. Los CV se deben presentar de forma tal que cumplan con el proceso de presentación del candidato, que incluye participar activamente en la búsqueda específica. Del mismo modo, para nuestras agencias de selección/búsqueda de personal, si no se cumple con los pasos del proceso de presentación del candidato, Willis Towers Watson no pagará honorarios de agencia. Willis Towers Watson sigue el principio de igualdad de oportunidades en la contratación. Si deseara que la compañía guarde su información de contacto para su consideración en el futuro, envíe un correo electrónico a: Agency.inquiries@willistowerswatson.com .

    Nuestras oficinas

    Nuestros colegas brindan servicios en más de 140 países y mercados en todo el mundo. Esto da una dimensión global a todo lo que hacemos y crea muchas oportunidades interesantes para que colabores y crezcas. Consulta el mapa a continuación para ver a dónde podría llevarte tu carrera.

    Conozca a nuestra gente