We are seeking a highly skilled and detail-oriented Vulnerability Manager to lead our client's efforts in identifying, assessing, and remediating security vulnerabilities. The ideal candidate will have hands-on experience with vulnerability management tools such as Tenable and Snyk, a strong understanding of middleware technologies, and familiarity with programming languages like Java, Python, and JavaScript.
Your future duties and responsibilities:
Key Responsibilities:
• Vulnerability Management: Manage the end-to-end vulnerability management lifecycle, including identification, assessment, prioritization, and remediation of vulnerabilities. In-depth understanding of vulnerability scanning and remediation processes. Familiarity with Tenable.io, Tenable.sc, or Nessus (Tenable's vulnerability scanning solutions). Ability to configure, customize, and interpret Tenable vulnerability scans. Familiarity with CVSS (Common Vulnerability Scoring System) for assessing and prioritizing vulnerabilities. Understanding of various types of vulnerabilities (e.g., XSS, SQL injection, buffer overflows, privilege escalation, etc.).
• Middleware Security Expertise: Assess and manage vulnerabilities in middleware components such as web servers (e.g., Apache, NGINX), application servers (e.g., Tomcat, WebSphere), and database servers (e.g., MySQL, PostgreSQL). Configuring Secure Middleware: The ability to harden and configure middleware to ensure security, such as securing the management interfaces, enabling secure communication (SSL/TLS), and applying access controls. Patching: Applying security patches and updates to middleware systems, especially when vulnerabilities like remote code execution (RCE), privilege escalation, and denial of service (DoS) are found. Knowledge of middleware-specific vulnerabilities such as directory traversal, XML External Entity (XXE) attacks, unauthorized access to resources, and cross-site request forgery (CSRF) in web servers. Ability to identify and mitigate vulnerabilities like insecure direct object references (IDOR), broken authentication, and session management issues in application servers.
• Programming and Code Review: Review application codebases written in Java, Python, and JavaScript to identify and mitigate vulnerabilities. Provide secure coding guidance to developers and support secure design practices.
• Risk Assessment and Reporting: Analyze vulnerability data to assess potential business impacts and prioritize remediation efforts. Create detailed reports and dashboards to communicate risk levels, remediation progress, and compliance with security policies.
• Cross-Team Collaboration: Work closely with DevOps, engineering, and infrastructure teams to drive security initiatives. Serve as a subject matter expert (SME) in vulnerability management during audits and compliance reviews.
Qualifications:
• Technical Skills: Proven experience with Tenable.io and Nessus for identifying vulnerabilities in networks, hosts, and applications, including middleware. Proven experience with Snyk Code, Snyk Open Source, and Snyk Container for identifying vulnerabilities in code, dependencies, and containers. Advanced knowledge of programming languages (JavaScript, Python, Java, C/C++, Go, Ruby, PHP, .NET, and Kotlin), as these are essential for resolving issues found in Snyk scans and middleware vulnerabilities. Familiarity with modern web development frameworks (e.g., React, Angular, Vue.js, Spring, Django, Flask) and how vulnerabilities manifest in them. Ability to resolve vulnerabilities in dependencies and third-party libraries in a codebase (e.g., npm for JavaScript, pip for Python, Maven for Java, etc.).
• Experience: 7+ years of experience in vulnerability management, application security, or related fields. Familiarity with secure coding practices, OWASP Top Ten, and security standards and compliance regulations (e.g., NIST, ISO 27001, GDPR, PCI-DSS, etc.). Experience with CI/CD pipelines and tools like Jenkins, GitLab, or Azure DevOps is a plus.
• Soft Skills: Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills to work effectively with cross-functional teams. Ability to prioritize and manage multiple tasks in a fast-paced environment.
Education and Certifications:
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Relevant certifications such as CISSP, CEH, or OSCP are a plus.
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Come join our team—one of the largest IT and business consulting services firms in the world.