Assistant Consultant
TCS
- Managed and executed comprehensive vulnerability scanning cycles using Qualys Cloud Agent and Scanner Appliances across diverse network segments.
- Advanced proficiency in the Microsoft defender vulnerability management (MDVM ) and Qualys VMDR (Vulnerability Management, Detection, and Response) platform , covering asset discovery, vulnerability assessment, configuration compliance, and remediation tracking.Oversight of vulnerability management workflow.
- Manage Cloud Agent a single, lightweight agent deployed on endpoints to perform multiple security functions .
- Conducted quarterly internal audits of the Defender deployment to ensure scanner health, correct agent functionality, policy efficacy, and adherence to licensing
agreements . - Generate scanning reports and identify vulnerabilities associated with client assets connected to network, mitigation, false positives, triage, and troubleshoot .
- Expertise in asset management, patch management, and vulnerability remediation strategies, including vulnerability scanning, compliance requirements.
- Demonstrated strong understanding of Common Vulnerability Scoring System CVSS, CVE, CPE, and its application within production vulnerability management environment.
- Managed a stringent, multi-stage remediation lifecycle utilizing segregated Staging and Testing environments to validate all patches and configuration changes before
deployment, ensuring zero operational disruption to critical production systems . - Proven ability to interpret OS-specific vulnerability data and coordinate remediation with respective infrastructure ,patching teams and misconfiguration identification .
- Reduced system exposure and improved the security posture by correcting misconfigurations related to user access controls, service permissions, and network protocol settings.
- Translated technical vulnerability data into actionable insights for business stakeholders, ensuring a shared understanding of risk and securing buy-in for timely
remediation efforts. Participated actively in daily stand-up sessions for the Security Release Train, providing real-time updates on vulnerability remediation status and identifying dependencies or roadblocks.