Vulnerability Assessment and Penetration Testing Lead

VAPT Lead

Responsibilities

Vulnerability Assessment and Management: 

• Conduct regular vulnerability assessments.
• Analyze scan results, identify vulnerabilities, and prioritize them based on risk and impact.
• Collaborate with IT and application teams to ensure timely remediation of identified vulnerabilities. 
• Provide POC’s for identified vulnerabilities as and when needed.
• Must have experience of administrating, designing and deployment of vulnerability management tools such as Tenable, Qualys, R7 etc.
• Optimize scanning schedules and policies to maximize coverage and efficiency

Reporting and Documentation:

• Generate and deliver comprehensive vulnerability reports to stakeholders.
• Maintain detailed records of vulnerabilities, remediation efforts, and their status.
• Develop and update documentation for vulnerability management processes and procedures.

Stakeholder Collaboration:

• Work closely with IT, network, application development, and security teams to address vulnerabilities.
• Provide guidance and recommendations for mitigating vulnerabilities.
• Conduct training sessions and workshops to educate teams about vulnerability management best practices.

Continuous Improvement:

• Stay updated on the latest vulnerabilities, threats, and industry trends.
• Enhance vulnerability management processes and methodologies.
• Evaluate and recommend new tools and technologies to improve the vulnerability management program.

Qualifications

Education: 
- Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field. Advanced degree preferred.

Experience: 
- Minimum of 8-10 years of experience in cybersecurity with a focus on vulnerability management.
- Extensive experience with VMS tools such as Tenable, Qualys, R7 etc.

Skills: 
- Strong understanding of common vulnerabilities and exposures (CVEs), CVSS, and vulnerability databases.
- In-depth knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001).
- Proficiency in scripting and automation (e.g., Python, PowerShell) is a plus.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to convey complex technical issues to non-technical stakeholders.
- Ability to work independently and manage multiple tasks and projects simultaneously.

Certifications (Preferred):
- CISSP, CISM, CEH, or similar cybersecurity certifications.