
Vulnerability Assessment & Management:
- Conduct regular vulnerability scans on:
  - Operating systems (Windows, Linux, Unix)
  - Network devices (firewalls, routers, switches)
  - Middleware and databases
  - Endpoints and servers
  - External / internet-facing assets
- Perform authenticated and unauthenticated scans and validate scan results.
- Execute external vulnerability assessments (VA) and exposure analysis.
- Support network segmentation penetration testing and validation.
Hardening & Secure Configuration:
- Review systems against CIS benchmarks and vendor hardening standards.
- Perform post-remediation validation scans.
- Validate secure configuration and patch compliance.
- Coordinate with infrastructure, network, and application teams for vulnerability remediation.
Container & Cloud Vulnerability Scanning:
- Conduct container image and runtime vulnerability scanning.
- Identify vulnerabilities in Docker and Kubernetes environments.
- Support vulnerability assessment of cloud workloads (AWS / Azure / GCP).
Risk Analysis & Reporting:
- Analyze vulnerabilities using CVSS scoring, exploitability, and business impact.
- Prepare vulnerability reports, dashboards, and SLA tracking metrics.
- Track remediation status and escalate overdue or high-risk vulnerabilities.
Compliance & Audit Support:
- Ensure vulnerability management aligns with:
  - RBI Cybersecurity Framework
  - ISO 27001
  - PCI DSS
  - NIST / CIS Controls
- Support internal and external audits by providing evidence, reports, and remediation status.