Vulnerability Intelligence & ASM

Job Description :

The VOC VI & ASM Analyst is responsible for :

Vulnerability Intelligence (VI) :

Monitor new vulnerabilities and assess their criticality and risk severity based on threat exploit availability ease of exploit impact

Communicate and publish an assessment on vulnerabilities related to software used in Saint- Gobains scope

Maintain timely high-quality vulnerability bulletins prioritizing issues against the Groups asset exposure

Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service

Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS EPSS CVSS metrics

Attack Surface Management (ASM) :

Operate continuous monitoring of external assets via ASM Security tools

Update on a regular basis the coverage of ASM tools by adding known domains and IP ranges belonging to Saint-Gobain

Assess the severity of the findings and confirm their presence (review challenge FP assessment )

Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners

Build and use the external footprint to proactively identify new threats and new vulnerabilities

Leverage ASM tools to proactively identify external assets subject to newly published

vulnerabilities

BlackBox Pentesting :

Drive proactive follow-up on detected vulnerabilities engaging system owners and tracking remediation to closure

Active follow up with Application managers to onboard new application in the BlackBox Pentesting service Pentest launch

Contract follow-up

Tools follow up and maintenance

Vulnerability Management :

Vulnerability review recategorization and false positive identification

Proactive vulnerability testing and replay

Pre-analyze and consolidate vulnerability data from various scanning tools

Prepare concise syntheses of available vulnerabilities

Offer guidance to the SO and CISO on vulnerabilities

Collaborate with key stakeholders to develop strategies for vulnerability management

Scripting and automation :

Automate data extraction and data push from VI and ASM tools to DataLake tools

Build automation workflows to streamline vulnerability identification assessment and reporting

Collaborate with the offensive and defensive teams to enhance vulnerability assessment and testing

Key Skills

Accounts Reconciliation,Account Development,Attorney At Law,Corporate Risk Management,Activex,Jni

Employment Type : Full Time

Experience : years

Vacancy : 1