Lead Software Engineer (DevOps Expert)

Societe Generale

Software Engineering
Bengaluru, Karnataka, India
Posted on Feb 16, 2026

Responsibilities

1. Vulnerability Identification & Assessment

  • Perform vulnerability scanning
  • Analyze and validate vulnerabilities in the context of application architecture, APIs, integrations, OS configurations, and middleware.
  • Evaluate CVSS scores, exploitability, and real‑world applicability to the application.
  • Prioritize application and server vulnerabilities based on ITRM policies, business criticality, and threat intelligence.
2. Application Security Ownership
  • Act as the primary security owner for the application.
  • Review application code, APIs, and data flows to identify security weaknesses.
  • Enforce best practices aligned with OWASP Top 10, SANS CWE Top 25, and secure coding standards.
  • Work with developers to ensure security defects are remediated as part of the SDLC.
3. Server Patching & Compliance Management
  • Own the lifecycle of patching for OS, middleware, DB components, app servers, and supporting infrastructure.
  • Collaborate with infra/ops teams to ensure timely, accurate, and compliant patch deployments.
  • Maintain and track patch compliance against internal ITRM standards and external regulatory requirements.
  • Validate patches in lower environments, assess compatibility with the application, and plan patch windows to reduce downtime.
  • Ensure all missing patches—critical, high, and medium—are remediated within SLA.
4. Governance, Risk & Compliance (ITRM Alignment)
  • Ensure the application meets internal IT Risk Management (ITRM) and audit expectations.
  • Maintain audit-ready documentation, including risk exceptions, evidence, and remediation plans.
  • Track SLA adherence for vulnerability closure (e.g., Critical < X days, High < Y days).
  • Support internal and external audits, providing artifacts and technical justifications.
  • Identify and document risk exceptions where remediation is not feasible.
5. Remediation Coordination & Technical Guidance
  • Interpret vulnerability findings and provide actionable remediation guidance to engineering and infra teams.
  • Facilitate triage meetings with developers, infrastructure, and DevOps teams.
  • Validate implemented fixes and ensure vulnerabilities are fully resolved.
  • Track and escalate overdue vulnerabilities and patch failures.
6. Security Monitoring & Continuous Improvement
  • Partner with SOC/SIEM teams to enhance monitoring of application/server security events.
  • Contribute to threat modeling, baseline security controls, and hardening guides.
  • Drive continuous improvement in vulnerability management processes, automation, and tooling.
  • Recommend security improvements to server configurations, network controls, and application design.
7. Incident Response & RCA
  • Participate in security incident investigations impacting the application or servers.
  • Provide root cause analysis (RCA) for recurring vulnerability or patching failures.
  • Recommend long-term fixes to eliminate systemic issues.
Skills & Qualifications

Technical Skills
  • Strong knowledge in:
    • Vulnerability scanning
    • Patch management
    • Middleware patching (WebLogic, Tomcat, IIS, Apache, Nginx)
    • API & application security
    • Secure configuration/hardening (CIS Benchmarks, STIG)
  • Understanding of:
    • Secure SDLC
    • Identity & access (OAuth2, JWT, SSO)
    • Encryption, certificates, network security, firewalls
  • Ability to interpret:
    • CVSS scores
    • CIS controls
    • Compliance frameworks (PCI‑DSS, GDPR, ISO 27001)