Sr Vulnerability Management Analyst

JOB DESCRIPTION

About the Role:

The Sr. Vulnerability Management & Assurance Analyst plays an integral role in the protection of the brand and works directly with the Director of CyberFusion Center and the broader Global Information Security (GIS) team to design, implement and operate the vulnerability management strategy, priorities, and directives consistent with the vision of the CISO across Levi Strauss & Company globally.

The Sr. Vulnerability Management & Assurance Analyst will take a lead role in safeguarding LS&Co.’s information and technology assets, critical suppliers, and consumers against the evolving threat landscape, allowing LS&Co. to make threat informed cybersecurity decisions to strengthen LS&Co.’s cybersecurity posture.

This position will work on LS&Co’s Vulnerability Management program and is responsible for implementation and operation of VM tools and processes that identify and communicate patch status and risks of systems and applications across the enterprise. The position will also manage SAP security and assessment tools.

Additional Role Responsibilities:

• Coordinating the development and operational processes of the Vulnerability Management program, including systems, networks, and applications. This will include patch remediation, inventory, and Risk management.

• Assists in the detection, containment and analysis of information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.

• Develop, implement, and operate Attack Surface Management program to reduce exposure and improve overall security posture.

• Liaises with other security practitioners, and technology leaders to share best practices and insights.

• Drive continuous and proactive assessment processes that alert LS&Co to potential or actual cybersecurity vulnerabilities involving systems, critical assets, or applications.

• Manage and improve Onapsis SAP security and assessment system.

• Develop and maintain TVM and remediation metrics to guide efforts and allocate resources in improving security posture.

• Work with intelligence partners to research and monitor relative and pertinent advanced persistent threats, underground forums, chat channels, and social media, threat actors impactful to LS&Co.

• Encourage cross-functional collaboration and knowledge sharing among team members to enhance problem-solving capabilities and promote a culture of continuous learning.

• Provide mentorship and support to team members, facilitating their career development and advancement within the organization.

• Experience working with ServiceNow or similar case management tools.

To thrive in this role, you have

• 5+ years of experience in Security and Vulnerability Management

• Detailed knowledge of all aspects of Vulnerability Management processes, tools, metrics, and reporting

• Experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, digital forensics, and incident response.

• Comprehensive experience with all aspects of ERP Vulnerability Management and security and associated tools and processes.

• An understanding of the MITRE ATT&CK Framework, stages of an attack and sub-techniques. Ability to identify tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.

• Experience in Attack Surface Management (ASM) tools and implementation.

• Ability to understand and articulate complex vulnerability information to both technical and non-technical audience.

• Experience performing basic scripting tasks using only what is found in the environment, such as BASH, PowerShell, Python, Perl, or other native scripting languages a plus.

• Ability to drive performance and develop teams - recruit diverse talent, run disciplined performance reviews, and regularly collaborate and check-in on priorities to help focus on key results.

• Advanced knowledge of performance metrics and reporting and risk management

• Relevant security expertise and understanding in a broad array of security technology areas including:

  • Application Security (S-SDLC, DevSecOps, and Automation)

  • Risk, Compliance, and Security Management

  • Security Operations and Incident Response

  • Data Classification, Encryption, and Protection

  • Embedded, Control, and IoT Device Security

• A strong moral compass, high integrity, and accountability are vital to be a successful in this role

• Endpoint security, email security, DNS and cloud security experience

Education

• Bachelor's or Master's degree in computer science, information systems, cyber security or a related field; or equivalent professional experience.

• Ethical hacking certifications, CISSP or equivalent certifications and experience

LOCATIONBengaluru, IndiaFULL TIME/PART TIMEFull timeCurrent LS&Co Employees, apply via your Workday account.