Vulnerability Management / SAM Specialist

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €29.8 Billion international wholesaler with operations in 31 countries through 661 stores & a team of 93,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow’s standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

Website: https://www.metro-gsc.in
Company Size: 600-650 Headquarters: Pune, Maharashtra, India Type: Privately Held Inception: 2011

Responsibilities:

• Define and operate a formal Vulnerability Management Program and framework that defines the vulnerability priorities aligned with business criticality.
• Manage and maintain vulnerability scanning tools to identify security vulnerabilities in enterprise systems, networks, and applications.
• Refine scan results to identify and resolve any false positive findings, and produce vulnerability reports with actionable and prioritized information for system owners
• Perform risk-based prioritization of identified vulnerabilities. Collaborate with security analysts to conduct detailed assessments of critical vulnerabilities and develop mitigation strategy.
• Work with IT and cross-functional teams to develop and implement prioritized vulnerability remediation plans and timelines. Ensure timely patching or mitigation.
• Ensure that Metro's systems and applications are regularly updated with security patches to mitigate vulnerabilities and maintain a secure environment.
• Provide risk-based mitigation and remediation recommendations and guidance. Manage tracking and reporting on remediation progress to stakeholders and leadership.
• Stay updated on emerging threats and vulnerabilities through threat intelligence sources. Integrate threat intelligence into the vulnerability management process to address high-risk areas proactively.
• Develop baseline asset inventories and maintain owners for systems in the inventory.
• Define metrics and reporting to track program effectiveness and improvement. Develop and track key performance indicators (KPIs) for the vulnerability management program.
• Lead a team of security engineers, providing mentorship and performance management in improving and automating processes wherever possible.
• Ensure compliance with security frameworks (e.g., ISO 27001, SOX). Prepare for and support internal and external audits related to vulnerability management.

Technical & Soft Skills:

• Experience scaling an enterprise vulnerability program across multiple environments, driving owner accountability and prioritization
• Hands-on experience and knowledge of vulnerability management technologies and orchestration via SOAR or other platforms to automate vulnerability management program.
• In-depth knowledge across core domains – OS and Application Vulnerability Management, Container Scanning, and Patch Management.
• Well-versed in penetration testing, vulnerability scanning, and red teaming methodologies and frameworks such as OWASP Top 10 and CWE 25.
• Advanced understanding of technical information security concepts related to threat landscapes.
• Strong understanding of network protocols, operating systems, and security technologies.
• Experience in improving vulnerability prioritization models.
• Ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.
• Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills.
• Very high attention to detail, with strong skills in managing/presenting data and information.
• Excellent communication, collaboration, and interpersonal skills
• Strong skills in documentation, including policies, standards, processes and procedures

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, SANS/GIAC) may be preferred.
• 7-11 years of relevant professional experience in a large multi-national organization or in a known MSSP.