Vulnerability Management Technical Lead

About Sopra Steria
Sopra Steria, a major Tech player in Europe with 50,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to make large companies and organisations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to putting digital to work for its clients in order to build a positive future for all. In 2024, the Group generated revenues of €5.8 billion.
The world is how we shape it.

Experience: 4 to 8 yrs

Location: BLR

Engineering Graduate - preferably B.E. /B tech in I.T or Computer Engineering.

Job Description & Key Responsibility:

1. Ensure that Rapid7 is fully and effectively implemented across the relevant areas ○
2. Assist with the design, implementation and optimization of automated tagging workflows in Rapid7 InsightVM to support dynamic asset grouping, risk prioritization, and targeted remediation efforts
3. Build new and refine/optimize existing InsightVM dashboards and reports to provide efficient and actionable insights in order to prioritize and optimize a suitable remediation plan (patching, misconfigurations and so forth)
4. Integrate Rapid7 with external systems (e.g., CMDB, ticketing platforms like Cherwell and ServiceNow when implemented in the future) to ensure enrichment and accurate asset context and automated remediation ticket creation.
5. Collaborate with IT Infrastructure and Support teams to ensure proper asset discovery and tracking in order to reduce false positives and orphaned assets. This also includes identifying new assets that need enrollment in InsightVM (additional systems, endpoints, network devices etc.)
6. Implement and support scan scheduling and tuning for better and broader vulnerability coverage across IT infrastructure ○ Assist in risk acceptance workflows, ensuring proper documentation and time-bound exceptions within the Rapid7 InsightVM platform
7. Troubleshoot scan issues, tagging failures, and data synchronization problems across integrated platforms.
8. Drive process improvements by identifying gaps in the current vulnerability management workflow and recommending automation or policy changes.
9. Deliver clear and concise security reports and presentations to stakeholders at all levels of the organisation.
10. Provide training and guidance to staff on information security best practices
11. Align vulnerability management practices with the following standards:
12. ISO/IEC 27001
13. NIST Cybersecurity Framework
14. CIS Critical Security Controls (version 8), particularly Control 7 (Vulnerability Management).
15. NIS2
16. Extend the scanning scope to include additional systems, endpoints, or networks as appropriate.
17. Define and support the implementation of a structured process for tracking and remediating identified vulnerabilities.
18. Optimize our monthly reporting capabilities, including:
19. Clear and actionable KPIs and metrics (e.g., remediation timelines, risk levels, prioritization)
20. Management-level summary reports
21. Detailed technical reports for operational use
22. Provide guidance on what systems should be in scope and out of scope, based on risk assessment and business impact.

Total Experience Expected: 06-08 years

Qualification & Experience

1. Bachelor degree or Masters in Computer Science, Engineering, or related field. Advanced degrees or certifications are preferred
2. Having ~5 years of experience in information security, specifically in end-to-end vulnerability management with 2-3 years hands on Rapid7 experience
3. Strong analytical skills and experience with security information and event management (SIEM) tools.
4. Relevant technical certifications will be an added advantage
5. Excellent reporting and presentation skills, with the ability to communicate complex security concepts to non technical stakeholders
6. Knowledge of current cybersecurity trends, threats, and techniques, as well as an understanding of regulatory requirements
7. Ability to work independently and collaboratively in a fast-paced environment
8. Good interpersonal and communication skills, works effectively as a team player
9. French, German, Danish language knowledge will be an added advantage

Ready to work at client site in Bengaluru as per the support hours

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.