Key Responsibilities:

• Coordinate with GRC teams to ensure security controls related to vulnerability and configuration management are implemented and monitored effectively.
• Develop and maintain policy and process documentation to support audit readiness and regulatory inspections.
• Support internal and external audits by providing evidence of VA/CA processes, results, and risk treatment plans.
• Track and document remediation activities related to audit and compliance findings.
• Ensure VA and CA programs align with organizational compliance requirements (ISO 27001, PCI-DSS, NIST, etc.).

Required Experience:

• 7+ years of experience required
• Proficiency in VA tools (Qualys, Tenable, Nessus, Rapid7).
• Hands-on with container security scanning tools (e.g., Trivy, Aqua, Sysdig Secure).
• In-depth knowledge of Docker, Kubernetes, container lifecycle, and orchestration security.
• Solid understanding of configuration assessment tools (e.g., CIS-CAT, SCAP).
• Strong grasp of OS internals (Linux, Windows), networking, and cloud platforms (AWS/Azure/GCP).
• Familiarity with DevSecOps concepts and CI/CD integration.
• Good scripting knowledge (Python, Bash, or PowerShell).
• Excellent analytical, documentation, and presentation skills.
• BE/BTech
• Preferred certifications: CEH, OSCP, CISSP, Kubernetes Security Specialist (CKS), or CompTIA Security+.