TV&M Engineer
CDI Courbevoie (Hauts-de-Seine) Conception / Génie civil / Génie industriel
Description de l'offre
Job Purpose
·
Responsible for security product engineering for TVM team
·
Ensure integrated TVM solutions are in place and meet required security controls
·
Identify and manage the project requirements and key stakeholders
·
Work closely with domain engineers, architects and designers as required
Key responsabilities
Threat and vulnerability Management solutions engineering
· Collaborate with Leadership and key stakeholders to capture and document functional and non-functional security requirements of TVM (Threat and Vulnerability Management) Solutions.
· Review security strategy, group standards and instructions to enumerate organisation requirements
· Support Group Enterprise Security Architects, Domain Security Architects for development of a threat and vulnerability management solution architecture
· Collaborate with Vulnerability Management specialist and Group Architects to build a TVM (Threat and Vulnerability Management) technology dependency and data integration requirements.
· Review current state of data integration capabilities and develop remediation plans in collaboration with wider Group functions.
· Collaborate with ISOPS leadership to formalise remediation plan and include as part of ongoing project charter
· Collaborate with Vulnerability Management specialist to build a data model for integration, reporting and processing of vulnerability and threat data.
· Develop solution configuration and technical setup requirements for vulnerability scanning, processing and reporting functions of the tool.
· Collaborate with Vulnerability Management Specialist to perform regular technology and engineering assessments to review quality of integration data, third party and vendor provided feed data. Develop remediation and improvement plans to address gaps from the review.
· Participate in industry forums, public conference and vendor presentations to keep abreast of latest techniques, tools and technologies in vulnerability
· Collaborate with Head of Cyber Threat and Vulnerability Management to recommend technology and tooling improvements and upgrade
Security Scanning Technologies Configuration & Maintenance
· Ensure vulnerability scanning tools are correctly configured and setup to perform the scanning function.
· Ensure scanning configuration aligned to vulnerability scanning requirements as stated by the vulnerability management standards and Information Security policy framework e.g. authenticated scans etc.
· Ensure Vulnerability Management Analyst regularly reviews the scanning tool database and access to all relevant and current vendor vulnerability data
· Ensure the scanning tool produces scanning reports in line with ISOPS operational team requirements and using appropriate terminology and agreed report format.
· Collaborate with Vulnerability Management Analyst and establish a vulnerability scanning schedule for platforms, endpoints and business units in line with vulnerability management standards and OpCo agreed scanning windows.
· Collaborate with Vulnerability Management Analyst to regularly assess performance of scanning tool to ensure scans are completed in agreed time windows. Engage with scanning vendor, Domain Architects and OpCo CISOs to validate scan time window based on scan results and performance.
· Collaborate with Vulnerability Management Specialist to provide recommendations on improving vulnerability scanning function.
· Keep track of IP address and Asset data anomalies and escalate to Asset Management team. Make corrections to tool and scanning reports to remove anomalies.
· Collaborate with Vulnerability Management Specialist and ISOPS Domain Architects to validate and review the privilege access arrangements and requirements to perform scanning.
· Collaborate with Vulnerability Management Specialist and ISOPS business to regularly review new vulnerability scanning requirements and environments e.g. Mobile, Cloud etc.
Collaborate with Vulnerability Management Specialist to regularly review Group and OPCOs technology platforms and IT change to gather technology coverage requirements e.g. VDI, Application platforms
Profil recherché
Qualifications :
Education
·
Bachelor degree in Computer Science, Engineering, or related field would be desirable
Certification
·
Information Security and/or Information Technology industry certification (CISSP, CISM or equivalent) preferred
·
Member of IISP or have the qualification, skills and experience to become a member preferred
·
Security vulnerability assessment / security testing qualifications preferred but not essential
Overall work experience in the field
Experience in Information Security field > 3 years
· Experience in T&VM (penetration testing, vulnerability scanning etc.) > 3 years (essential)
· Background in Security solution engineering required, background in security architecture and design preferred but not required
· Background in networks and/or systems management is preferred but not essential
· Proven experience with vulnerability scanning and reporting tools such as Nessus, Qualys, ServiceNow, PowerBI or equivalent
Skills / abilities
· Cross cultural sensitivity, flexibility
· Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
· Good interpersonal and communication skills, works effectively as a team player
· Ability to function effectively in a matrix structure
· Good analytical skills
· Fluent in English