Installing, configuring and maintaining the vulnerability scanners
Organising network-based scans to identify possible network security flaws and host-based scans to identify vulnerabilities in workstations, servers, and other network devices
Analysing the vulnerabilities, determining the associated risks and providing input on risk remediation in association with the Information Security Manager, the IT Department and the asset owner.
Develop comprehensive reports detailing vulnerabilities, their potential impact in the context of the attack path, and recommended remediation actions for attack path disruption.
Keeping track of planned remediating actions or compensating controls in order to follow up on their implementation
Schedule rescans to verify the remediating actions have been implemented and report progress to ensure effectiveness
Prepare the organization for penetration tests and derive measures for improvement
Qualifications:
At least 5 years' experience as a security administrator in large environments
Deep understanding of critical security flaws in the context of the attack path and experience in fixing them
Practical experience in operating scanners like OpenVAS, Nessus, Nmap, Microsoft Baseline Security Analyzer etc.
Strong knowledge of CVSS, CVE and technical risk management
Strong knowledge of the MITRE ATT&CK method for analysing attack vectors
Strong skills in reporting, communication and training