Vacancy for Computer Science Graduates at Sony

Overview:

Sony is hiring an experienced GVM+Data Analyst at their Bangalore location.

The complete details of this job are as follows:-

Roles and Responsibilities:

The Ideal Candidate should be able to:

Serve as a Security Vulnerability Research Engineer who identifies threats and vulnerabilities, conducts research and analysis and validates issues to provide meaningful reports and relevant information to Global SIE organizations.

Facilitate work efforts related to vulnerability scanning appliance deployment, maintenance and patch management, and security operations across Global SIE teams in support of the Global Vulnerability Management Framework.

Use security, networking, and automation tools to enable early identification of threats to provide evidence-based security situational awareness, improved decision-making, and allow for timely threat mitigating actions.

Conduct detailed research and analysis of findings to eliminate false positives, provide mitigation techniques, and to significantly reduce time-to-remediation.

Build and publish remediation prioritization based on research, threat intelligence data as well as confidentiality, integrity, and availability requirements of SIE systems.

Facilitate implementation of security configurations and hardening settings for networks, operating systems, applications, databases, and other information system components.

Engage with partners, to include engineering and IT professionals, management, and auditors to Communicate security and compliance issues and ensure remediation.

Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls.

Perform continuous security validation testing for SIE network, cloud, and endpoint environments to provide improved visibility to our overall security posture.

Research and characterize risks to networks, operating systems, containers, applications, databases, and other information system components to facilitate implementation of configurations and hardening settings for these environments.

Provide remediation support to operations and service teams, ensure that vulnerabilities are mitigated or remediated within the timeframes specified in the SIE Global Vulnerability Management Standard.

Support multi-functional team efforts for asset management, tagging, and grouping.

Develop and demonstrate Proof of Concepts for identified vulnerabilities to convey business impact to partners and to distinguish true risk to SIE environments.

Evolve the Vulnerability Management toolsets and reporting to provide better vulnerability insight, create effective communications and meaningful reporting, and to automate vulnerability management-related operations and processes.

Find opportunities to improve asset inventories and better enrich vulnerability data. Conduct ongoing research to help validate completeness or identify “gaps”.

Collaborate with DevOps teams to improve security tool integration into CICD pipelines.

Ensure that documentation, data, assessment information, and Vulnerability Management program information are kept up to date.

Mentor, train, and assist personnel in the execution and use of new technologies, processes, and services.

Eligibility:

At least 5+ years’ experience in Information Security or Information Technology field.

Bachelor’s degree in Computer Science, Information Security, or equivalent experience.

Solid grasp of OS and software vulnerabilities and remediation techniques.

Experience working with multi-functional teams to track and deliver solutions.

Hands-on experience working with a variety of vulnerability management and network scanning tools, such as Qualys, Tenable Security Center, OpenVAS, Nmap, Nikto, etc.

Knowledge of both Windows and UNIX-based operating systems (i.e. Windows Server and client OS, RHEL, CentOS, Amazon Linux, MacOS), container technologies, and networking fundamentals.

Solid experience in offensive security, adversarial tactics, techniques, and procedures, and common attack patterns such as binary exploitation, memory corruption, race conditions, web attacks, etc.

In-depth knowledge of security standard methodologies, technologies and products and aim to continuously improve these skills.

Ability to script and program using Python or other similar scripting languages (i.e. Bash, Python, C, Java, JavaScript, Perl), notably for working with RESTful APIs.

Knowledge of CI/CD pipelines, Git or other version control systems, and cloud hosting environment’s (i.e. AWS) applicable security standard methodologies.

Knowledge of the PCI Data Security Standard (PCI DSS).

Good experience working with external teams to track and deliver solutions

Superb attention to detail individual able to efficiently analyze and resolve problems.

Strong verbal, communication, and diplomacy skills with all levels of the business.

Must be self-motivated, able to work independently, and multi-task effectively.

To Apply for this Job, Visit Official Website

Disclaimer: The Recruitment Information provided above is for informational purposes only. The above Recruitment Information has been taken from the official site of the Organisation. We do not provide any Recruitment guarantee. Recruitment is to be done as per the official recruitment process of the company or organization posted the recruitment Vacancy. We don’t charge any fee for providing this Job Information. Neither the Author nor Studycafe and its Affiliates accepts any liabilities for any loss or damage of any kind arising out of any information in this article nor for any actions taken in reliance thereon.