Senior Vulnerability Management Consultant

le contenu du travail

Job Summary

We are seeking a highly skilled and experienced Senior IT Security Consultant, specialized in Vulnerability Management, to join our team in a leading pharmaceutical company. The successful candidate will have a minimum of 5 years of experience in the field, a Bachelor’s degree, and a deep understanding of vulnerability management processes and tools. You will manage & configure the Qualys environment and be responsible for driving the identification and management of vulnerabilities in systems together with the VM analysts. You will drive and assist in various projects (CIS benchmarks, VM Automation, Secure configurations (ESXi, Database, MS Defender,…), firewall reviews,…)

Functional Responsibilities

• Manage and Configure Qualys Environment:
• Ensure effective vulnerability management by configuring and maintaining the Qualys
  
  

environment.

• Monitor and optimize vulnerability scanning processes.
• Collaborate with VM Analysts:
• Work closely with vulnerability management analysts to identify, assess, and prioritize
  
  

vulnerabilities in UCB’s systems.

• Assist in developing remediation plans and tracking progress.
• Run and oversee the vulnerability management program & campaigns
• ensuring timely and effective communication with IT stakeholders for patching, remediation,
  
  

and lifecycle management.

• Create detailed reports and dashboards to communicate effectively with stakeholders.
• Drive and Assist in Various Security Projects:
• Implement CIS benchmarks to enhance security posture.
• Automate vulnerability management processes to streamline identification and remediation
  
  

through basic scripting and API’s.

• Ensure secure configurations for Windows, Linux, ESXi, databases, Microsoft Defender,...
• Conduct thorough firewall reviews to validate rule sets.
• Stay Informed:
• Keep up-to-date with industry best practices, emerging threats, and security trends.
• Apply this knowledge to improve vulnerability management practices.
• Provide Expertise and Guidance:
• Offer insights on vulnerability management strategies, tools, and techniques.
• Collaborate with cross-functional teams to enhance overall security.
• Risk Assessments and Documentation:
• Participate in risk assessments and security audits.
• Develop and maintain documentation related to vulnerability management processes.
• Document changes following ITIL best practices and work closely with the compliance
  
  

teams.

• Continuous Improvement:
• Act as a subject matter expert in vulnerability assessment tools.
• Continuously optimize and refine vulnerability management processes.
  
  

Requirements

Education

• Bachelor’s degree in Computer Science, Information Systems, or a related field.
  
  

Certifications

• Qualys certification and other relevant security certificates like CISSP, CEH, CISA are preferred.
  
  

Experience

• Minimum of 5 years of experience in vulnerability management, including vulnerability
  
  

assessments and penetration testing.

• Proficiency in Qualys VMDR, Microsoft Defender (TVM), and BitSight.
• Experience with basic scripting, API work, and automation.
• Knowledge of Power BI or other dashboarding/reporting tools
• Familiarity with CIS benchmarks, secure configurations (Windows, Linux, esxi, databases,
  
  

defender,...), Azure, and containers.

• Familiarity with CVE, CVSS, EPSS, …
• Experience with BMC Helix CMDB/ticketing system is a plus.
• General cybersecurity knowledge.
• Experience with common network protocols, operating systems, and application architectures.
  
  

Skills

• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work effectively in a team environment and independently.
• The candidate has to be familiar with working in a validated (pharma-compliance requirements) system environment (e.g. itil change management processes and change management tools,
  
  

documentation of work and system configuration).

• Being able to translate technical items (vulnerabilities, cve’s, exploits,…) and the impact to systems in easy to understand remediation tasks.
• Ability to document, keep track and follow-up on remediation efforts.