Threat & Vulnerability Management Contrat : CDI

Xpertize est un bureau de recrutement unique en son genre offrant une approche 360° à ses clients dans le but d’identifier les meilleurs candidats dans le marché, que ceux-ci soient activement ou passivement à la recherche de nouvelles opportunités.

Xpertize combine avec succès et de manière ouvertement affichée le head hunting (approche directe des candidats dans leur fonction actuelle) et le social hunting (approche indirecte des candidats via une exploitation intensive des réseaux sociaux privés et professionnels).

Cette combinaison unique s’appuyant d’une part sur une méthodologie traditionnelle de recherche de candidats et, d’autre part, sur la puissance offerte par les réseaux sociaux permet à Xpertize d’optimiser la phase d’identification de candidats et de se concentrer sur l’analyse de leurs compétences.

Cette méthodologie unique a un impact direct sur la qualité des candidats identifiés d’une part, et sur la rapidité d’engagement du candidat idéal d’autre part.

The main mission of the Security Engineer Vulnerability and threat Management is to perform scans and reports using the Qualys Guard tool. You’ll be responsible of performing and scheduling compliance and vulnerability scans on the client network activity and infrastructure and generating reports to different teams (such as server admins, network administrators in order to mitigate scanned vulnerabilities). The role consists also of integrating and managing different assets in the Qualys Guard modules.

Description :

Security Management:

• Conduct vulnerability scanning and assessment functions related to various clients, environments, technologies, systems and appliances
• Coordinate effectively with representatives of different Business Units and technology specialists Integrate and manage assets in Qualys
• Effectively communicate security vulnerabilities and risks to issue owners and assist in remediation efforts Govern and enforce cybersecurity policies and vulnerability remediation deadlines
• Develop and maintain executive dashboards and/or regular reports to communicate department-specific cybersecurity risks and threats

Reporting Service :

• Provide a monthly/Weekly analysis of common vulnerabilities and compliance issues
• Produce a periodic dashboard demonstrating remediation progress and cases’ status

Education :

• Minimum Bac+5 in Networks and Security.

Certification :

• An information Security Certification is highly desired (CCNA R&S, CCNA Security, NSE4, PCCSA, MCSA, CEHv9/v10…or/and equivalent)

Work Ethics :

• Due to the sensitive nature of the task, the role holder must have a demonstrated high level of work ethics, secrecy and discretion. A background check will be performed :

Overall work experience in the field :

• Global technical vision of the main security tools / environments: PKI, SIEM, SOC, authentication, IPSEC, AD security, operating system security, Windows account security
• Experience managing data security programs like Password Vaulting, Privileged Access Management (Cyber Ark)
• Experience with Identity Management concepts and processes including authorization,authentication, segregation of duties
• Knowledge of best practices around data security
• Experience using an ITSM tool such as ServiceNow
• Strong fundamentals in networking protocols and troubleshooting
• Knowledge of hacking techniques, cyber threats and security trends
• At least 2 years’ experience in the cybersecurity industry

SKILLS & ABILITIES :

• Experience with vulnerability management tools (e.g. Kenna, Nexpose, Tenable, Qualys, etc.)
• Hands-on experience with Qualys, a certification is a plus
• Work on maturing vulnerability management & Compliance program services and processes
• Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions
• Take part of the implementation and operational best practices while taking ownership of tasks and/or project workstreams
• PowerShell and Python scripting skills
• Coding skills, such as HTML, CSS, Power Query and other languages
• Analytical thinking, time management and coordination skills
• Fluent English (Very important)