Software Engineer

Responsibility

Perform remediation to mitigate in-scope vulnerabilities identified in the environment

Skills and Responsibilities

Patch management:

• Apply critical security patches and updates to Windows Server and Windows client operating systems promptly to address known vulnerabilities.
• Strong experience in Windows systems administration and infrastructure management.
• In-depth knowledge of Windows operating systems, Active Directory, Group Policy, and other Windows-specific technologies.
• Familiarity with vulnerability management processes, tools, and frameworks, such as CVE, CVSS, and Common Vulnerability Scoring System (CVSS).

Configuration hardening:

• Implement security best practices on Windows Server systems by configuring settings related to user accounts, network access, file permissions, and registry keys to minimize attack vectors.

Remediation planning and execution:

• Knowledge of Windows patch management methodologies and tools, including Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM), or similar systems.
• Familiarity with security standards and frameworks such as NIST, CIS, and ISO 27001.
• Develop remediation plans for identified vulnerabilities, including steps to address the issue, timelines, and responsible parties, and execute these plans effectively.

Incident response coordination:

• Collaborate with security teams during security incidents to identify the root cause of attacks related to vulnerabilities and implement necessary mitigation strategies.

Reporting and communication:

• Strong analytical and problem-solving skills, with the ability to assess the impact and severity of vulnerabilities and recommend appropriate remediation actions.
• Generate reports detailing the vulnerability landscape, remediation progress, and security risks to relevant stakeholders.

Technical expertise:

• In-depth knowledge of vulnerability remediation tools like SCCM, PatchMyPC, etc.
• In-depth knowledge of Windows Client Operating system
• In-depth knowledge of Windows Server operating systems, including security features, registry settings, and patching mechanisms.
• Vulnerability management tools: Proficiency in using vulnerability scanning tools especially Qualys
• Scripting and automation: Ability to write scripts (e.g., PowerShell) to automate vulnerability remediation tasks.
• Understanding of cybersecurity concepts like network security, access control, encryption, and threat modeling.
• Problem-solving: Ability to analyze complex security issues, identify root causes, and develop effective remediation solutions.
• Clear communication with technical and non-technical stakeholders regarding security risks and remediation plans.
• Relevant certifications such as Microsoft Certified: Azure Administrator Associate, Microsoft Certified: Windows Server, or Certified Ethical Hacker (CEH) are desirable