Team Lead - Threat & Vulnerability Management at SHI LOCUZ ENTERPRISE SOLUTIONS PVT LTD
SHI LOCUZ ENTERPRISE SOLUTIONS PVT LTD · Pune, India · Onsite
- Senior
- Office in Pune
- Lead and mentor a team of vulnerability management analysts.
- Assign and prioritize tasks for vulnerability assessments and remediation tracking.
- Provide technical guidance and career development support to team members.
- Foster collaboration with cross-functional teams including IT, security operations, DevOps, and application teams.
- Oversee regular vulnerability scans using tools like Tenable, Qualys, Rapid7, or Nexpose.
- Analyze vulnerability scan results to determine severity, risk, and impact.
- Ensure all assets in scope are continuously scanned and monitored for vulnerabilities.
- Coordinate with system and application owners for timely remediation of identified vulnerabilities.
- Track remediation progress and escalate overdue or critical risks.
- Support the development of mitigation strategies when patches are not immediately available.
- Prioritize vulnerabilities based on risk (CVSS, threat intelligence, asset value, exploitability).
- Produce detailed reports and dashboards for leadership, including KPIs and compliance metrics.
- Communicate risks clearly to both technical and non-technical stakeholders.
- Administer and fine-tune vulnerability scanning tools.
- Evaluate and implement new tools and technologies to improve VM efficiency.
- Automate scanning, ticketing, and reporting processes where possible.
- Ensure adherence to internal security policies, industry regulations (e.g., PCI-DSS, ISO 27001, NIST).
- Participate in audits and provide documentation or evidence of vulnerability management practices.
- Integrate threat intelligence to contextualize and prioritize vulnerabilities.
- Stay updated on zero-day vulnerabilities, vendor advisories, and current exploit trends.
- Assist in incident investigations related to exploited vulnerabilities.
- Provide root cause analysis and support post-incident remediation.
- Deep understanding of vulnerability management processes, tools, and lifecycle.
- Strong leadership and interpersonal skills.
- Experience with vulnerability scanners and asset management tools.
- Knowledge of operating systems, networking, applications, and cloud infrastructure.
- Familiarity with frameworks such as CVSS, MITRE ATT&CK, NIST, CIS Controls.
- Excellent communication, report writing, and analytical skills.