MONTREAL [HYBRIDE] - Vulnerability Management Specialist

Vulnerability Management Specialist

WHO WE ARE

As the founding entity of RAINBOW PARTNERS, Quanteam is a consulting firm specializing in the fields of Banking, Finance, and Financial Services.

Guided by our core values of closeness, teamwork, diversity, and excellence, our team of 1,000 expert consultants, representing 35 different nationalities, collaborates across 10 international offices : Paris, Lyon, New York, Montreal, London, Brussels, Geneva, Lisbon, Porto and Casablanca.

We are hiring a Vulnerability Management Specialist to work with one of our clients based in Montreal.

Mission

We are currently seeking an Operational Engineer with experience in Threat & Vulnerability Management in Montréal. This position will report to the Production Security Vulnerability Management head.

Responsabilities

Responsibilities include but are not limited to :

• Comprehends and provides guidance on enterprise policies and technical standards, particularly concerning vulnerability management and secure configuration.
• Collaborates effectively with other security and IT infrastructure experts to evaluate potential vulnerability impacts specific to the client’s environment and establish suitable mitigating controls.
• Identifies and proposes appropriate actions to handle and resolve vulnerabilities, emphasizing reducing potential impacts on information resources to a level acceptable according to the policies and standards.
• Cultivates strong partnerships with technical teams to advocate for best practices in agile vulnerability management across traditional infrastructure and cloud environments.
• Capable of fully grasping business requirements and collaborating with business partners to devise suitable solutions that meet both security requirements and business objectives.
• Reviews and / or escalates exception requests submitted to the Vulnerability Management (VM) team. Utilizes a risk-based approach to analyze the vulnerability data against open / closed information sources, optimizing prioritization of vulnerability management activities.
• Develops and enhances key performance indicators (KPIs), metrics, and trend analyses for vulnerability management functions.
• Assists the team in maintaining appropriate documentation that delineates the Threat & Vulnerability Management Program, policies, and procedures.

Profile

SKILLS AND QUALIFICATIONS :

Must have :

• Possesses expert knowledge of the Vulnerability Management process, encompassing vulnerability identification, identification, and elimination of false negatives / positives.
• Demonstrates a strong command of Qualys, Nexpose, or Nessus, including configuration and maintenance, scan execution, and oversight of agent deployment.
• Exhibits experience with industry standards pertinent to Vulnerability Management, such as Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), and Open Web Application Security Project (OWASP).
• Familiarity with Security Standards / Controls outlined in various IT governance and compliance models like NIST, HIPAA, PCI, GDPR, ISO 27001 & 27002.
• Well-versed in technology and security domains, covering operating systems, network security, protocols, application security, infrastructure hardening, and security baselines.
• Previous involvement in large-scale environments with diverse technologies is essential.
• Desired proficiency in scripting languages.
• Analytical skills
• Strategic vision
• Rigor & Accuracy
• Flexibility
• Communication skills
• Collaboration
• Self-driven
• Team player

Preferred Qualifications :

• B.S. in Computer Science or equivalent field
• CISSP, CISM or similar industry certification
• 5 years of experience in Vulnerability Management or related field

Education

Bachelor’s degree in computer science / information systems or related field and / or sufficient professional work experience in similar position.