Beschreibung
Our client is an international insurance group based in Vienna and is currently looking for a Specialist in the area Vulnerability and Patch Management (f/m/x)
Start: asap
Capacity: 100%, 6 M+
Location: Vienna, 100% remote
Language: English
1. Scope of Work
The external resource is expected to complete the following tasks:
• Data Processing and Report Generation:
o Review and analyze vulnerability and patch management data from surface monitoring report.
o Develop following types of reports:
? Team-Level Reports: Detailed technical reports with actionable insights for the teams responsible for remediation.
? Security Tactical Reports: Reports that show area of weakness, overdue rates in patching
? Executive-Level Reports: Summary for management, focusing on success rates of incident resolution and key security metrics like patching velocity and Vulnerability exposure & risk indicator per application / business unit.
• Jira Automation for Vulnerabilities:
o Develop and implement a process that automatically generates Jira tickets for each identified mitigation action / vulnerability based on predefined criteria (e.g., severity, risk level, and team responsibility).
o Ensure tickets include necessary details such as severity, impacted systems, remediation steps, and deadlines.
2. Technical Requirements
Data Processing and Reporting:
• Data Extraction and Analysis:
o Extract relevant data from the available data provided in Tenable and Cyberint report, focusing on vulnerabilities, incident resolution status, and trends.
o Ownership data for assets need to be queried via ServiceNow API or fed via XLS-sheet
o Categorize vulnerabilities by priority (critical, high, medium, low) and assign each to the respective responsible team.
o Ensure accuracy in data mapping and alignment with internal security teams' scope of responsibility.
• Report Creation:
o Team-Level Report:
? Must include actionable details for technical staff, such as:
? Vulnerability severity, impacted systems, and remediation timelines.
? Open vulnerabilities, pending actions, and unresolved incidents.
? Provide detailed information for each team, outlining their specific tasks for vulnerability remediation and follow-up.
o Executive-Level Report:
? Provide high-level KPIs for management, including:
? Vulnerability trends and remediation success rates.
? Mean Time to Resolution (MTTR) for each severity level.
? Incident closure rates and overall security improvements.
? Present data using visual elements such as charts, graphs, and trend lines to easily communicate performance to non-technical stakeholders.
Jira Automation for Vulnerability Management:
• Automated Jira Ticket Creation:
o Set up a process that automatically creates Jira tickets for each identified vulnerability from provided data provided by suppliers
o Each ticket at least should include:
? Vulnerability description and CVSS score.
? Assigned priority (critical, high, medium, low).
? Impacted assets or systems and remediation steps.
? Due dates for remediation based on the severity level.
? Assignment to the appropriate team or individual.
?
o Ensure proper integration between the data processing workflow and the Jira system to streamline the ticket creation process.
• Ticket Management:
o Automate the tracking of the ticket lifecycle, including status changes (e.g., open, in progress, resolved).
o Create notifications or escalations in Jira for overdue vulnerabilities based on predefined SLAs.
o Ensure that resolved vulnerabilities are automatically updated or closed within Jira once remediation is verified.
Start: asap
Capacity: 100%, 6 M+
Location: Vienna, 100% remote
Language: English
1. Scope of Work
The external resource is expected to complete the following tasks:
• Data Processing and Report Generation:
o Review and analyze vulnerability and patch management data from surface monitoring report.
o Develop following types of reports:
? Team-Level Reports: Detailed technical reports with actionable insights for the teams responsible for remediation.
? Security Tactical Reports: Reports that show area of weakness, overdue rates in patching
? Executive-Level Reports: Summary for management, focusing on success rates of incident resolution and key security metrics like patching velocity and Vulnerability exposure & risk indicator per application / business unit.
• Jira Automation for Vulnerabilities:
o Develop and implement a process that automatically generates Jira tickets for each identified mitigation action / vulnerability based on predefined criteria (e.g., severity, risk level, and team responsibility).
o Ensure tickets include necessary details such as severity, impacted systems, remediation steps, and deadlines.
2. Technical Requirements
Data Processing and Reporting:
• Data Extraction and Analysis:
o Extract relevant data from the available data provided in Tenable and Cyberint report, focusing on vulnerabilities, incident resolution status, and trends.
o Ownership data for assets need to be queried via ServiceNow API or fed via XLS-sheet
o Categorize vulnerabilities by priority (critical, high, medium, low) and assign each to the respective responsible team.
o Ensure accuracy in data mapping and alignment with internal security teams' scope of responsibility.
• Report Creation:
o Team-Level Report:
? Must include actionable details for technical staff, such as:
? Vulnerability severity, impacted systems, and remediation timelines.
? Open vulnerabilities, pending actions, and unresolved incidents.
? Provide detailed information for each team, outlining their specific tasks for vulnerability remediation and follow-up.
o Executive-Level Report:
? Provide high-level KPIs for management, including:
? Vulnerability trends and remediation success rates.
? Mean Time to Resolution (MTTR) for each severity level.
? Incident closure rates and overall security improvements.
? Present data using visual elements such as charts, graphs, and trend lines to easily communicate performance to non-technical stakeholders.
Jira Automation for Vulnerability Management:
• Automated Jira Ticket Creation:
o Set up a process that automatically creates Jira tickets for each identified vulnerability from provided data provided by suppliers
o Each ticket at least should include:
? Vulnerability description and CVSS score.
? Assigned priority (critical, high, medium, low).
? Impacted assets or systems and remediation steps.
? Due dates for remediation based on the severity level.
? Assignment to the appropriate team or individual.
?
o Ensure proper integration between the data processing workflow and the Jira system to streamline the ticket creation process.
• Ticket Management:
o Automate the tracking of the ticket lifecycle, including status changes (e.g., open, in progress, resolved).
o Create notifications or escalations in Jira for overdue vulnerabilities based on predefined SLAs.
o Ensure that resolved vulnerabilities are automatically updated or closed within Jira once remediation is verified.