Vulnerability Management Subject Matter Expert (SME) - (Banking/Financial/Capital Market Domain)

Location: New York, NY (Hybrid Onsite from Day 1)

We are seeking a highly motivated and experienced Vulnerability Management Subject Matter Expert (SME) to join our growing security team. In this role, you will be responsible for leading our vulnerability management program, identifying, prioritizing, and remediating security vulnerabilities across our IT infrastructure.

Responsibilities:

• Design, implement, and manage a comprehensive vulnerability management program aligned with industry best practices (e.g., NIST CSF).

• Customize scan profiles, schedules, and policies to optimize vulnerability scanning across diverse IT environments.

• Serve as the primary point of contact for technical inquiries and escalations related to the Qualys platform.

• Serve as the primary point of contact for technical inquiries and escalations related to the Qualys platform.

• Identify opportunities for automation and integration to streamline vulnerability management processes.

• Provide advanced troubleshooting and resolution of issues to ensure the stability and reliability of vulnerability scanning operations.

• Provide advanced troubleshooting and resolution of issues to ensure the stability and reliability of vulnerability scanning operations.

• Conduct regular vulnerability assessments and penetration testing using industry-recognized tools and methodologies.

• Prioritize vulnerabilities based on severity, exploitability, and business impact.

• Develop and implement remediation plans for identified vulnerabilities, working cross-functionally with IT and development teams.

• Track and report on vulnerability management program metrics and KPIs.

• Collaborate with security analysts and engineers to investigate and respond to security incidents.

• Provide security awareness training on vulnerability management best practices to internal stakeholders.

• Excellent analytical, problem-solving, and decision-making skills.

• Effective communication and interpersonal skills, with the ability to interact with stakeholders at all levels.

• Collaborate with cross-functional teams to integrate Qualys Vulnerability Management with other security tools and systems.

• Work closely with IT operations, security operations, and compliance teams to ensure alignment and coordination on vulnerability management initiatives.

• Develop and maintain comprehensive reports and dashboards to track key performance indicators and metrics related to vulnerability management.

• Provide regular updates and insights to senior management and key stakeholders on the organization's vulnerability posture.

• Stay abreast of emerging trends and advancements in vulnerability management technologies and methodologies.

• Drive continuous improvement initiatives to enhance the effectiveness and efficiency of vulnerability scanning processes.

Qualifications:

• 8-12 years of experience in vulnerability management and security operations.

• Proven experience in designing, implementing, and managing vulnerability management programs.

• Strong understanding of vulnerability assessment tools and methodologies on Qualys, knowledge with other tools like Rapid7 InsightVM /Nexpose, Nessus, Tenable.io is a plus.

• Experience with vulnerability prioritization frameworks (e.g., CVSS).

• Excellent understanding of network security concepts, firewalls, intrusion detection/prevention systems (IDS/IPS).

• Experience working in a cross-functional environment and collaborating with IT and development teams.

• Strong communication, analytical, and problem-solving skills.

• Excellent written and verbal communication skills.

• Ability to work independently and manage multiple priorities.

Preferred Skills:

• Experience with Security Information and Event Management (SIEM) systems.

• Experience with scripting languages (e.g., Python, Bash).

• Experience with penetration testing methodologies (e.g., OWASP Top 10).

• Certifications in vulnerability management (e.g., GSEC, CISSP) a plus.

• Ability to work independently and manage multiple priorities in a fast-paced environment.

• Strong project management skills with the ability to lead and execute technical initiatives from inception to completion