Senior Associate, Cybersecurity Vulnerability Management

About the Role

At PwC, our Cybersecurity team focuses on protecting organizations from cyber threats using advanced technologies and strategies. You will work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In this role, you will focus on identifying and analyzing potential threats to an organization's security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure.

What You'll Do

You will be responsible for the end-to-end Vulnerability Management processes and tools, including host-based application scanners, patch management, GRC tools, and ITSM. Your responsibilities will include:

• Driving the configuration of vulnerability assessment tools and integrating feedback to reduce false positives.
• Analyzing and prioritizing identified vulnerabilities and providing remediation recommendations.
• Preparing vulnerability data and reports for both technical and executive audiences.
• Identifying timelines/programs and guiding teams to address vulnerabilities, including system patching, specialized controls, code/infrastructure changes, and build engineering process adjustments.
• Tracking and remediating vulnerabilities using agreed-upon action plans and timelines with responsible technology partners and support teams.
• Designing and overseeing actionable dashboards and scorecards.
• Reviewing and coordinating changes to patch policies, procedures, standards, and audit work programs in a continuous improvement model.
• Protecting valuable information and maintaining confidentiality and integrity of data through knowledge of security management, network protocols, data, and application security solutions.
• Staying updated on industry trends, current and emerging risks, and relevant legislation, regulatory requirements, guidelines, and industry developments related to data protection, privacy, security, and data governance.
• Leveraging knowledge of operating system and application security, administration, and debugging.
• Applying knowledge of security controls, including access controls and auditing.

What You'll Need

• 4-9 years of strong experience in Vulnerability Management tools (Qualys, Nessus, Rapid7 & Tenable SC).
• Willingness to work in EST shift timings.
• Demonstrated experience driving the configuration of vulnerability assessment tools, including the integration of feedback from IT owners to reduce false positives.
• Demonstrated experience performing analysis and prioritization of identified vulnerabilities and remediation recommendations.
• Demonstrated experience preparing vulnerability data and reports for technical and executive audiences.
• Demonstrated experience identifying timelines/programs and guiding teams to address vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, changes in build engineering processes.
• Demonstrated experience tracking and remediation of vulnerabilities leveraging agreed upon action plans and timelines with responsible technology partners and support teams.
• Demonstrated experience designing and overseeing actionable dashboards and scorecards.
• Demonstrated experience reviewing and coordinating changes to patch policies, procedures, standards, and audit work programs in a continuous improvement model.
• Demonstrated experience driving the protection of valuable information and maintaining confidentiality and integrity of data through knowledge of security management, network protocols, data, application security solutions.
• Knowledge of industry trends, including current and emerging risks.
• Knowledge of relevant legislation, regulatory requirements, guidelines, and industry developments related to data protection, privacy, security, and data governance.
• Experience with end-to-end Vulnerability Management processes and tools including host-based applications scanners, patch management, GRC tools and ITSM.
• Knowledge of operating system and application security, administration and debugging.
• Knowledge of security controls including access controls, auditing.

Professional and Educational Background

• Graduate/Bachelor's degree in BE/BTech, MCA.
• Willingness to work in EST shift timings.

Key skills/competency

• Cybersecurity
• Vulnerability Management
• Qualys
• Nessus
• Rapid7
• Tenable SC
• Risk Assessment
• Threat Intelligence
• Patch Management
• Security Reporting