Vulnerability Management - L3

Vulnerability Management - L3

Location : Bangalore

Mode : Hybrid

- On the portal where vulnerabilities are listed, each vulnerability must be analyzed;
- Within each record of each vulnerability, analyze the required fixes and the vendor involved
- Contact the vendor to discuss the vulnerability fix (usually the vendor applies the fix in a test environment)
- If there is any impact or downtime required, it will be necessary to align with Miguel Marçal on the intervention window;
- Contact T-Systems to schedule the intervention;
- T-Systems will have to ensure a virtual machine snapshot is performed to enable rollback protection;
- Support the vendor during the application of the fixes in the production environment Security Operations Lead Roles and Responsibilities ( Grade IS3 / IS4) Vulnerability Analysis & Tracking
- Review and analyze vulnerabilities listed on the security portal & Servicenow
- Assess each vulnerability record to identify required fixes and determine the responsible vendor.
- Maintain a centralized tracking system for all open vulnerabilities and remediation status.

Vendor Coordination
- Contact vendors to discuss and plan the application of fixes, typically in a test environment first.
- Support vendors during the fix deployment in production environments.
- Ensure rollback protection by coordinating virtual machine snapshots before any intervention.

Intervention Planning
- Coordinate with T-Systems to schedule interventions and confirm snapshot creation for rollback capability.

Remediation Execution
- Facilitate and monitor the application of fixes in production environments.
- Ensure all remediation activities are completed within agreed timelines and with minimal disruption.

Documentation & Reporting to CSO
- Document all remediation steps, communications, and outcomes.
- Provide regular updates and reports to management on vulnerability status and resolution progress to CSO.
- Participate in the weekly and monthly review with CSO.