Vulnerability Management Consultant(Onsite)
Description:
About Us:
LTIMindtree is a global technology consulting and digital solutions company that enables enterprises across industries to reimagine business models, accelerate innovation, and maximize growth by harnessing digital technologies. As a digital transformation partner to more than 700+ clients, LTIMindtree brings extensive domain and technology expertise to help drive superior competitive differentiation, customer experiences, and business outcomes in a converging world. Powered by nearly 90,000 talented and entrepreneurial professionals across more than 30 countries, LTIMindtree — a Larsen & Toubro Group company — combines the industry-acclaimed strengths of erstwhile Larsen and Toubro Infotech and Mindtree in solving the most complex business challenges and delivering transformation at scale. For more information, please visit
Job Title: Vulnerability Management Consultant
Work Location: Erlanger, Kentucky(Onsite)
Job Description
The Security and Compliance Analyst is responsible to perform the following duties
1 Review Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the program
2 Fair understanding of Technology Landscape Applications Infrastructure Cloud and review
Clients information security and related threats and vulnerabilities legal and regulatory
requirements
3 Good Understanding on Security Standards like ISO 270012 SOX ITGC SOC1 or SOC2
DevSecOps OWASP top 10 Business Impact analysis ISO 22301 ISO 27005
4 Assess and classify all potential business and infrastructure information risks
5 Review and advise on information security risks of vendor offerings New leveraging existing SAAS PAASIAAS services including integration with Client environment
6 Conduct risk assessment on Applications Network Systems according to Client policies applicable Standards legal regulatory requirements
7 Identify the risks in the Client Projects provide recommendations for remediation of identified risks
8 Translate Technical legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies
9 Identify or design the controls for implementation based on the outcome of Risk Assessment its remediation and residual risk
10 Ensure all the controls outlined for an application Infrastructure are designed effectively
11 Review Vulnerability Assessment and Penetration Test scan results and recommend the risks to be remediated
12 Review and approve the control design of supplier and their organization technical specifications against Client security control requirements
13 Ensure all the risks are documented classified and tracked with appropriate action as per the IRM standards
14 Work with Project Managers Business Analysts Architecture and Support Team to ensure Client Information Risk Management standards are being followed
15 Test the control effectiveness post implementation or deployment of controls and technologies
16 Conduct Security governance with Client stakeholders
Technology
1 Understanding of Cloud Security SAAS IAAS and PAAS and Onpremise infrastructure
2 Understanding of secure application development and support
3 Knowledge on Network Security Data Security Practices EndPoint Security Identity and
4 Access Management
5 Knowledge on Business Continuity Plan and Disaster Recovery
JD Keywords
Security Risk Assessment ISO 270012 SOX ITGC SOC1 or SOC2 DevSecOps OWASP
top 10 Security Risk Management Business Impact analysis Design Controls Data
Security Security Policy review Business Continuity Cloud Security Network Security
Identity and Access Management ISO 22301 ISO 27005 Control testing Control
assessment
Knowledge and skills
1 Projects Stake holder Management Governance Management Reporting
2 Very good communication skills Agile Project delivery
3 Cloud Security controls Data Security SeInfo baselines Privacy requirements
Industry Certifications
ISO 27001 Lead Auditor or Lead Implementor CISA CRISC CISM CISSP
Skills
Mandatory Skills : Infra Vulnerability Management - Qualys,Infra Vulnerability Management - Rapid 7,Infra Vulnerability Management - Tenable IO,Infra Vulnerability Management - Tenable Nessus, SC, CS,Infra Vulnerability management/Triaging/ Remdiation Advisory / ServiceNow /ITSM /CMDB
Benefits/perks listed below may vary depending on the nature of your employment with LTIMindtree (“LTIM”):
Benefits and Perks:
Comprehensive Medical Plan Covering Medical, Dental, Vision
Short Term and Long-Term Disability Coverage
401(k) Plan with Company match
Life Insurance
Vacation Time, Sick Leave, Paid Holidays
Paid Paternity and Maternity Leave
The range displayed on each job posting reflects the minimum and maximum salary target for the position across all US locations. Within the range, individual pay is determined by work location and job level and additional factors including job-related skills, experience, and relevant education or training. Depending on the position offered, other forms of compensation may be provided as part of overall compensation like an annual performance-based bonus, sales incentive pay and other forms of bonus or variable compensation.
Disclaimer: The compensation and benefits information provided herein is accurate as of the date of this posting.
LTIMindtree is an equal opportunity employer that is committed to diversity in the workplace. Our employment decisions are made without regard to race, colour, creed, religion, sex (including pregnancy, childbirth or related medical conditions), gender identity or expression, national origin, ancestry, age, family-care status, veteran status, marital status, civil union status, domestic partnership status, military service, handicap or disability or history of handicap or disability, genetic information, atypical hereditary cellular or blood trait, union affiliation, affectional or sexual orientation or preference, or any other characteristic protected by applicable federal, state, or local law, except where such considerations are bona fide occupational qualifications permitted by law.
Safe return to office: In order to comply with LTIMindtree’ s company COVID-19 vaccine mandate, candidates must be able to provide proof of full vaccination against COVID-19 before or by the date of hire. Alternatively, one may submit a request for reasonable accommodation from LTIMindtree’s COVID-19 vaccination mandate for approval, in accordance with applicable state and federal law, by the date of hire. Any request is subject to review through LTIMindtree’s applicable processes.