Vulnerability Management - L3

Vulnerability Management - L3

Location : Bangalore

Mode : Hybrid

• On the portal where vulnerabilities are listed, each vulnerability must be analyzed;
• Within each record of each vulnerability, analyze the required fixes and the vendor involved
• Contact the vendor to discuss the vulnerability fix (usually the vendor applies the fix in a test environment)
• If there is any impact or downtime required, it will be necessary to align with Miguel Marçal on the intervention window;
• Contact T-Systems to schedule the intervention;
• T-Systems will have to ensure a virtual machine snapshot is performed to enable rollback protection;
• Support the vendor during the application of the fixes in the production environment Security Operations Lead Roles and Responsibilities ( Grade IS3 / IS4) Vulnerability Analysis & Tracking
• Review and analyze vulnerabilities listed on the security portal & Servicenow
• Assess each vulnerability record to identify required fixes and determine the responsible vendor.
• Maintain a centralized tracking system for all open vulnerabilities and remediation status. Vendor Coordination
• Contact vendors to discuss and plan the application of fixes, typically in a test environment first.
• Support vendors during the fix deployment in production environments.
• Ensure rollback protection by coordinating virtual machine snapshots before any intervention. Intervention Planning
• Coordinate with T-Systems to schedule interventions and confirm snapshot creation for rollback capability. Remediation Execution
• Facilitate and monitor the application of fixes in production environments.
• Ensure all remediation activities are completed within agreed timelines and with minimal disruption. Documentation & Reporting to CSO
• Document all remediation steps, communications, and outcomes.
• Provide regular updates and reports to management on vulnerability status and resolution progress to CSO.
• Participate in the weekly and monthly review with CSO.