Deloitte | India Offices of the US

Vulnerability Senior Analyst (U2) – Vulnerability Management

Organization Summary

At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all their efforts on delivering the best service possible to their clients. Covering seven distinct areas; Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience.

Team Summary

Working with the Vulnerability Lead, you will strive to identify and remediate all vulnerabilities detected across Deloitte UK Infrastructure. These may appear in the form of routine patching, software updates or system changes.

Using excellent written and communication skills, you will engage with a breadth of stakeholders across Deloitte in the pursuit of securing the firm. You’ll develop a close collaborative relation with our IRT (Incident Response Team), ensuring we stay informed of the latest attack vectors.

Location: Hyderabad

Work Shift Timings: 02:00 PM to 11:00 PM

Role Requirement

•     Good working knowledge of Vulnerability scanning and management platforms.

•     Excellent written and verbal communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts.

•     Working knowledge of vulnerability assessment tools – Qualys Solutions, 3^rd Party Cyber Risk rating platforms (BitSight, Security ScoreCard and Risk Recon), vulnerability, and patch management tools.

•     Extensive Knowledge of Security modern threats, Cyber-attack vectors and Indicators of compromise (IOCs).

•     Good knowledge around information security best practices.

•     Knowledge of OWASP top 10 and software development security controls.

•     Public Cloud security controls.

•     Good understanding of Network and IT Infrastructure security best practice and hardening methodology.

•     Knowledge and hands on experience of ITIL service management framework.

•     Be able to collaborate with clients.

•     A team player with an ability to work collaboratively and positively motivate self.

•     Ability to work in hybrid work environment, offering support to team members remotely along with able to work as part of a geographically separated team.

•     Willingness to learn additional technologies, not focused on a single technology/application.

•     Committed to team success rather than individual success.

•     Hands on approach with ability to multitask.

•     Can adapt to changing priorities and maintains a positive attitude.

•     Capable of working collaboratively in a team environment, often coordinating with other IT teams.

Roles and Responsibilities

• Driving day-to-day vulnerability management activity.
• Lead Cyber Essentials meetings and perform vulnerability management tasks.
• Manage and act as a bridge between ISG, PMO and IT Infrastructure.
• Organize and conduct effective monthly meetings with service owners to ensure that vulnerabilities are addressed promptly and effectively.

• Ensure asset information in CMDB is accurate thus allowing for successful patching of devices.

• Review scan reports, identify vulnerable components and its owners, help apps/system owners to perform an initial security risk analysis and create remediation plan.
• Perform risk assessment by evaluating the risks associated with identified vulnerabilities, considering factors like exploitability and potential impact.
• Prioritize vulnerabilities based on their risk level and track vulnerability remediation procedures.
• Look after vulnerability dashboard and make sure we have up to date vulnerability info visible for Apps/System owners and prepare reports for IT Senior Management and Information Security Group.
• Utilize 3rd Party Cyber Risk rating tools like BitSight, Security ScoreCard, and RiskRecon for continuous monitoring of Deloitte’s cybersecurity posture.
• Work closely with IRT (Incident Response Team) under review of new/emerging vulnerabilities/threats and help with initial prioritisation and remediation.
• Help Apps/Service owners to prepare and execute remediation plans or design and implement compensation controls to cover an existing vulnerability.
• Gather security notifications from our vendors/ stay updated with security advisories and threat intelligence reports and perform an initial analysis and reports.
• Aid IRT with security incidents investigation and problem resolution.
• Review/update an existing Vulnerability processes and procedures.
• Recommend security enhancements and best practices to management and technical teams.
• Follow the best practices for maintaining server patch compliance. Ensure servers are updated with latest security patches and updates.

• Pro-active approach to identify and mitigate any security risk.

• Follow established change management process to complete all technical changes in the environment.

• Responsible for maintaining platform health checks and stability.

• Assist with KPI metric and reporting across the estate.
  

• Plan and implement continual service improvements across all the platforms.
  

Tools and Technologies

• Qualys Cloud Platform
• BitSight
• Service Now
• CyberArk

Qualifications

·       Bachelor of Engineering/ Bachelor of Technology

·       4-6 years’ experience in a similar role and Enterprise organisation.

Technical Certifications (Good to have)

• ISC2
• CompTIA Security+
• ITIL V4