Senior Associate, Cyber​/IT Security, Infra VAPT, Technology and Operations

Business Function

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Job Purpose

Vulnerability Management is responsible for identifying, assessing, prioritizing, and tracking remediation of security vulnerabilities across operating systems, networks, middleware, endpoints, external perimeter, and containerized environments. The role requires hands-on experience with Rapid7 vulnerability management tools, system hardening, segmentation testing, and alignment with regulatory and compliance requirements

Job Duties & Responsibilities

Vulnerability Assessment & Management

Conduct regular vulnerability scans on:
Operating systems (Windows, Linux, Unix)
Network devices (firewalls, routers, switches)
Middleware and databases
Endpoints and servers
External / internet-facing assets
Perform authenticated and unauthenticated scans and validate scan results
Execute external vulnerability assessments (VA) and exposure analysis
Support network segmentation penetration testing and validation

Hardening & Secure Configuration

Review systems against CIS benchmarks and vendor hardening standards
Perform post-remediation validation scans
Validate secure configuration and patch compliance
Perform post-remediation validation scans
Coordinate with infrastructure, network, and application teams for vulnerability remediation

Container & Cloud Vulnerability Scanning

Conduct container image and runtime vulnerability scanning
Identify vulnerabilities in Docker and Kubernetes environments
Support vulnerability assessment of cloud workloads (AWS / Azure / GCP)

Risk Analysis & Reporting

Analyze vulnerabilities using CVSS scoring, exploitability, and business impact
Prepare vulnerability reports, dashboards, and SLA tracking metrics
Track remediation status and escalate overdue or high-risk vulnerabilities

Compliance & Audit Support :
Ensure vulnerability management aligns with:

RBI Cybersecurity Framework
ISO 27001
PCI DSS
NIST / CIS Controls
Support internal and external audits by providing evidence, reports, and remediation status

Core Competencies

Strong knowledge of OS, Network, Middleware, and Endpoint security
Vulnerability scanning and management lifecycle
Patch management and system hardening
Network segmentation concepts
Understanding of TCP/IP, ports, protocols, and common attack vectors
Effective in Communication, documentation and report writing skills
Ability to consult and validate solutions to mitigates risks to business and systems

Technical Competencies

VAPT - Rapid7, Nessus, Metasploit, Qualys Guard, Qualys / Tenable (Nessus) Nmap, CIS-CAT
Container scanning tools (Trivy, Aqua, Prisma Cloud – exposure acceptable)
Technical working knowledge (WAF, HIDS, IPS, Firewall, Networking

Requirements

Minimum 5–7 years of experience in Vulnerability Management / Cyber Security Operations
Experience in enterprise or BFSI environments preferred
Familiarity with regulatory and audit requirements
Certifications (preferred but not mandatory): CEH, Security+, CISSP (or pursuing)

Education /

Preferred Qualifications

Graduation: BE IT/Computers/Electronics,

B.Sc - Computers, M.Sc - Computers
Post-Graduation: PGDIT, MCA, MBA

Primary Location

India-Maharashtra-Mumbai

Job

Technology

Schedule

Regular

Job Type

Full-time

Job Posting

Jan 30, 2026, 3:30:00 AM