Vulnerability & Threat Management & OCR L3 Engineer

Experience

10+ years of combined experience in Vulnerability Management, Threat Assessment, and Security Change Review.

Availability

8x5 Onsite (Business Days) with On-Call service outside business hours.

Core Mandate

Vulnerability prioritization, threat monitoring, security assessment of operational changes (OCR), and firewall governance.

Key Responsibilities (VTM):

• Perform Asset Discovery of Customer's Infrastructure using tools such as Qualys.
• Prioritization of Vulnerability findings based on threat assessment and policy risk identification.
• Develop and/or maintain a comprehensive Vulnerability and Threat Management framework.
• Monitor new vulnerabilities and attack vectors, assessing their applicability to the Customer's environment.
• Raising Vulnerability Findings through Risk Management solutions (e.g., Archer GRC) and following up on risk remediation.
• Act as the SPOC for Compliance findings closure and guide stakeholders for remediation.

Key Responsibilities (OCR):

• Conduct Security assessment of Firewall Change Requests, Operation Change Requests (OCRs), and other changes, providing responses within the SLA.
• Responsible for creating and maintaining Standard Operating Procedures (SOPs) for firewall configuration.
• Perform firewall configuration audits (manual or tool-based) and ensure necessary actions are completed with stakeholders.
• Responsible for documenting non-compliance to SOP or security risk post-configuration and raising risks.
• Handle the optimization of firewall rules (WAF, FW, Proxy) based on review or automated guidance.

Required Skills:

• Expertise in vulnerability scanning tools (Qualys, Nessus, etc.) and risk scoring.
• Deep knowledge of network security controls, firewalls, and security configuration best practices.
• Strong understanding of GRC solutions (Archer) and compliance frameworks.

Job Type: Full-time