Key Responsibilities:
Develop and manage security baseline configurations for systems, applications, and network devices.
Ensure that all security baselines and related processes adhere to industry standards, best practices, and regulatory requirements.
Maintain up-to-date documentation for security baselines, policies, and procedures.
Communicate significant changes to internal standards, facilitate risk assessments, and address any deviations from policies, standards, and regulatory obligations.
Collaborate with the metrics team to ensure timely and accurate publication of compliance reports.
Partner with Group Technology and other business units to ensure the timely and effective implementation of security baselines.
Participate in internal and external audits to verify adherence to security baselines and address any gaps identified.
Automate processes to streamline and enhance the end-to-end security configuration workflow, from creation to validation.
Qualifications:
A minimum of 5 years of technical experience in Vulnerability Management, with expertise in asset management and vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7), with a particular focus on security baseline development and compliance.
Familiarity with widely adopted cybersecurity frameworks and standards, including NIST, ISO/IEC 27001, and CIS Controls.
Experience administering baseline configuration scanning tools (e.g., Qualys, Rapid7, Nessus).
Proficiency in programming, particularly Python.
Experience in IT Security Operations Management is a plus.
A degree in Computer Science, Information Technology, or a related field is preferred.
Mandatory Skills:
Expertise in defining, implementing, and managing security baseline configurations.
Hands-on experience with Vulnerability Management tools.