Cybersecurity Vulnerability Analyst

Greetings From TCS!!

Position : Vulnerability Management

Experience : 7+ years

Location : Bangalore

Job Description :

• Monitor & Administer Rapid7 InsightVM, CrowdStrike Spotlight dashboards and daily scan status.
• Perform and Validate scan results, failures, authentication issues, and asset discovery errors.
• Execute scheduled and on-demand scans across servers, endpoints, cloud, and network.
• Identify new assets and ensure proper tagging and inclusion in scanning scope.
• Perform authenticated scans using approved credentials.
• Identify high/critical vulnerabilities and assign remediation tickets.
• Maintain daily/weekly operational vulnerability summary reports.
• Administer Rapid7 InsightVM: scan engines, sites, templates, asset groups.
• Configure authenticated scans and troubleshoot credential failures.
• Manage CrowdStrike Spotlight asset visibility and vulnerability correlation.
• Tune scan templates to reduce latency and false positives.
• Analyze vulnerabilities based on CVSS, EPSS, RealRisk, KEV, exploit intelligence.
• Validate false positives with application/infra teams and re-scan for verification.
• Prioritize vulnerabilities using exploit-based and business-risk-based approaches.
• Coordinate remediation with IT, cloud, network, and application owners.
• Track remediation SLAs and manage vulnerability exception workflows.
• Integrate VM tools with SIEM (Splunk, QRadar, Chronicle) for event correlation.
• Create vulnerability dashboards and reporting for leadership.
• Configure cloud connectors for AWS, Azure, GCP and validate scan coverage.
• Manage VM configurations in secondary tools: Qualys policies, Nessus repositories, Tanium modules, Defender TVM exposure dashboards.
• Architect enterprise-level vulnerability management strategy across hybrid/multi-cloud.
• Lead onboarding of global environments, network segments, cloud workloads, OT/IoT.
• Develop automation using Python/PowerShell for scan scheduling, data extraction, ticket creation, and exception workflows.
• Implement CI/CD pipeline vulnerability scanning for DevSecOps environments.
• Correlate vulnerabilities with threat intelligence, exploit kits, malware campaigns.
• Manage enterprise governance: remediation SLAs, exception policies, escalation matrix.
• Conduct periodic vulnerability posture reviews and risk reduction roadmaps.
• Maintain compliance alignment: ISO 27001, PCI-DSS, NIST CSF, CIS benchmarks.
• Lead cross-tool migrations and unified vulnerability reporting architecture.
• Mentor L1/L2 teams, build SOPs, knowledge bases, and operational playbooks.
• Manage integration of VM tools with CMDB, patching systems (SCCM/Intune/Tanium), EDR tools, and cloud native scanners.

Thanks & Regards,

Divya Jillidimudi