Airtel - IT Security Analyst - VAPT

- Should have experience in Vulnerability Assessment and Penetration testing across Infra and Applications

- Hand-on experience with VA/ PT tools like Tenable etc.

- Perform asset and network discovery activities; infrastructure vulnerability testing, helping to ensure full coverage of the Epsilon environment

- Prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets

- Vulnerability Analysis Creation. Produce vulnerability reports providing a highly timely; accurate; and actionable assessment of new vulnerabilities as they are discovered.

- Recommend security patches and any other measures; produce operations reports

- Support vulnerability scanning activities, interprets the results, and validates potential exposures; Collate security incident and event data to produce monthly exception and management reports

- Keep the Vulnerability Management Program in compliance with security policy and with published SLAs

- Leverage CMDB inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress

- Monitor security vulnerability information from vendors, and third parties

- Assist in maintaining technical support documentation.

- Collaborate with Information Technology and Business Departments to implement or coordinate remediation required by audits, and document exceptions as necessary Skills/ Experience expected

- Ability to demonstrate knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets

- Experience in deploying, operating, and maintaining vulnerability scanning infrastructure and services

- Strong knowledge industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP)

- Perform initial analysis, identification, remediation, and documentation of network intrusions and computer system compromises

Technical Skills:

- 3 to 5 years of experience Security Operations experience

- Ability to read, write and modify scripts for automation of vulnerability management tasks using Python, PowerShell, Ruby on Rails, and/ or Bash

- Good knowledge of packet filtering, stateful packet inspection and the differences between them

- Good knowledge of fundamental networking/distributed computing environment concepts; routing, switching, VLANs, VPNS, NIS, NFS.

- Intermediate to advanced understanding of packet capture and analysis using snoop, tcpdump and Ethereal or similar tools.

- Experience with host security (e.g., passwords, uids/gids, SIDs, file permissions, ACLs, filesystem integrity, use of security packages, IPTables).

- Familiarity with incident response techniques, intrusion prevention systems, information security methodologies, authentication protocols and different IT Security threat mechanisms.

- Knowledge of IT Security Standards (ISMS / ISO 27001, PCI-DSS etc.)