Our client is an international insurance group based in Vienna and is currently looking for a Specialist in the area Vulnerability and Patch Management.
Tasks
- The external resource is expected to complete the following tasks
- Data Processing and Report Generation
- Review and analyze vulnerability and patch management data from TSA, RIT and Cyberint surface monitoring report.
- Develop following types of reports
- Team-Level ReportsDetailed technical reports with actionable insights for the teams responsible for remediation.
- Security Tactical ReportsReports that show area of weakness, overdue rates in patching
- Executive-Level ReportsSummary for management, focusing on success rates of incident resolution and key security metrics like patching velocity and Vulnerability exposure & risk indicator per application / business unit.
- Jira Automation for Vulnerabilities
- Develop and implement a process that automatically generatesJira ticketsfor each identified mitigation action / vulnerability based on predefined criteria (e.g., severity, risk level, and team responsibility).
- Ensure tickets include necessary details such as severity, impacted systems, remediation steps, and deadlines.
Requirements
- Data Processing and Reporting
- Fluency in English
- Data Extraction and Analysis
- Extract relevant data from the available data provided by TSA, RIT in Tenable and Cyberint report, focusing on vulnerabilities, incident resolution status, and trends.
- Ownership data for assets need to be queried via ServiceNow API or fed via XLS-sheet
- Categorize vulnerabilities by priority (critical, high, medium, low) and assign each to the respective responsible team.
- Ensure accuracy in data mapping and alignment with internal security teams scope of responsibility.
- Report Creation
- Team-Level Report
- Must include actionable details for technical staff, such as
- Vulnerability severity, impacted systems, and remediation timelines.
- Open vulnerabilities, pending actions, and unresolved incidents.
- Provide detailed information for each team, outlining their specific tasks for vulnerability remediation and follow-up.
- Executive-Level Report
- Provide high-level KPIs for management, including
- Vulnerability trends and remediation success rates.
- Mean Time to Resolution (MTTR) for each severity level.
- Incident closure rates and overall security improvements.
- Present data using visual elements such as charts, graphs, and trend lines to easily communicate performance to non-technical stakeholders.
What they offer
- 100% Remote