Pradeep B S

• Led the implementation of the Global Vulnerability Management Lifecycle Policy at News Corp, using Qualys to streamline vulnerability detection, risk analysis, and remediation processes.
• Implemented a new Qualys scanner appliance to meet specific business requirements, ensuring enhanced network coverage and improved vulnerability detection.
• Responsible for the daily operational work related to vulnerability management. VM-Scan scheduling and monitoring Scan reports, dashboards, and triage.
• Facilitated weekly meetings with stakeholders and business units to review remediation progress, followed up on open vulnerabilities, and coordinated with vendors and support teams to validate remediation efforts, address false positives, and ensure accurate vulnerability closure.
• Onboarded AWS cloud infrastructure to Wiz, enabling real-time visibility into vulnerabilities and misconfigurations across multi-account environments.
• Created and managed CIS Benchmark compliance policies for Windows and Linux environments, leading to 90% compliance adherence.
• Implemented File Integrity Monitoring (FIM) for Critical Servers: Designed and deployed a new FIM configuration for servers to meet business requirements, ensuring enhanced monitoring and security compliance.
• Established automation to activate cloud agents and FIM for dynamic AWS systems using AppIDs.
• Conducted training sessions to improve team awareness of vulnerability management tools and processes and Documented SOPs for vulnerability Assessment.

• Responsible for the daily operational work related to vulnerability management. VM-Scan scheduling and monitoring Scan reports, dashboards, and triage.

• Experience in working with vulnerability management or threat intelligence tools such as Qualys Guard, Qualys VMDR, and Nessus. Implement full infra vulnerability lifecycle management, including identification, correlation, assessment, remediation, and reporting.

• Handling production/non-production handover (PHP) changes in audits involving vulnerability remediation, policy compliance, log monitoring, antivirus, and integrity checks along with project management.

• Identifying false positives from the scan results. Respond, troubleshoot, and implement changes related to IVM (Infrastructure Vulnerability Management).

• Preferred experience with compliance regulations,SLAs, KPIs, and supplier governance concepts.

• Interfacing with cyclical patching teams and interlinked control areas to help drive remediation planning and "Path to Green" discussions to ensure vulnerability remediation remains compliant with SLAs.

• Collaborating with the platform teams, who are responsible for the global demise and decommissioning process (of servers and systems), to prioritise time-sensitive decommissions, ensuring these are successfully completed and supported by the relevant vulnerability remediation's.

• Involved in audits (SOC2, PCI DSS), both internal and external, and successfully completed..

• Deployed and configured the Qualys scanner appliances. Identified the assets and scanned them for vulnerabilities, including port scanning and port exclusions.

• Conducted On a monthly basis, governance calls with the client and discusses the current and future patching cycles and remediation. and also progress outstanding items for process review and improvement.

• Participate in incident response activities (using the ServiceNow tool) when needed, supporting the investigation and remediation of security incidents related to vulnerabilities.

• Creating different scan profiles, report profiles, and search lists in the Qualys console. and working on both scheduling the scans and ad-hoc requests.

• Scanning the devices in both authenticated and unauthenticated ways according to the requirements. and using Qualys agents and an IP-based approach to scan the devices as per the requirement.

• Creating different configuration profiles and activation keys for deploying Qualys agents across.

• Currently managing the vulnerability lifecycle across the client assets (more than 3k servers and more than 60k laptops and workstations) for multiple projects.

• Identifying vulnerabilities based on the high severity ratings (Sev 4 and 5) and pushing them for remediation. I made sure of the SLA involved with control operations.

• Followed up with the respective business units on the vulnerability remediation's. Work with vendors and support teams to validate vulnerability migrations and false positives when needed.

• Conducted weekly meetings with the different stakeholder groups and business units to understand the current position with respect to the remediation activities.

• I worked with a risk- and compliance-based approach to remediation of Qualys agent-related issues.

• Prepared the SOP and SOA based on the findings identified and applying the required controls.

• Involved in continuous learning and sharing knowledge for wellbeing of the company.