- Develop and execute a comprehensive patch and vulnerability management strategy aligned with industry best practices and organizational goals.
- Establish and document procedures, policies, and guidelines for vulnerability and patch management processes.
- Conduct regular vulnerability assessments and scans to identify security vulnerabilities across the organization's systems, networks, and applications.
- Prioritize vulnerabilities based on severity and potential impact and collaborate with relevant teams to develop and implement effective remediation plans.
- Track and monitor the progress of vulnerability remediation efforts, ensuring timely resolution and closure.
- Research, evaluate, and test patches released by software vendors or security organizations.
- Develop a patch management framework to ensure the timely deployment of patches while minimizing operational disruptions.
- Collaborate with system administrators and IT teams to schedule and implement patch deployments across the organization's infrastructure.
- Generate regular reports and metrics on vulnerability and patch management activities to provide visibility to management and stakeholders.
- Communicate vulnerabilities, risks, and mitigation strategies effectively to technical and non-technical stakeholders.
- Stay informed about emerging threats, vulnerabilities, and industry trends to continually enhance the vulnerability management program.
- Lead a team of security professionals responsible for vulnerability scanning, patch deployment, and remediation activities.
- Provide guidance, mentorship, and training to team members, fostering a culture of continuous improvement and professional growth.
- Collaborate with cross-functional teams, including IT operations, development, and security, to ensure effective coordination and alignment in vulnerability and patch management efforts.
- Strong understanding of common vulnerabilities and exposures (CVEs), and security vulnerabilities in operating systems, software applications, and network devices.
- Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks effectively.
- Strong leadership and team management abilities, with a collaborative and proactive approach.
- Effective verbal and written communication skills, with the ability to convey technical concepts to diverse audiences.
- Continual learning mindset to stay updated with the latest security trends, vulnerabilities, and technologies.
- Work with solution architects to design and develop a patch management and vulnerability management practice.
Qualifications and Skills:
Education: bachelor’s degree in computer science, information security, or a related field.
Certification: Relevant certifications – CEH, Security +, Relevant vendor certifications are a plus.
Experience: Proven experience (6 years) in patch management, vulnerability assessment, and remediation in a large-scale enterprise environment.
Knowledge of Tools: In-depth knowledge of vulnerability scanning tools, patch management systems, and industry-standard vulnerability databases.
Vendor Tools: Qualys, Nessus, Microsoft SCCM, IBM BigFix