Job Title: Vulnerability Assessment Engineer
Location: Gurugram, Haryana
Duration: Long-Term Contract
Client: ChargePoint
Company Overview:
- FLUIDECH, an ESCONET group company and a deemed public company, is a technology consulting and managed services firm specialising in cybersecurity.
- Founded in 2014 and headquartered in Gurugramand today with a client base spanning over 100 organisations worldwideFluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.
- Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (DevOps), and secure (Cyber Security services). Our solutions span diverse industry verticals, aligned with each client's business goals.
- In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC's CAF, SEBI's CSCRF, and others.
Position Overview
We are seeking a highly skilled Vulnerability Assessment Engineer to lead our proactive defence strategy. In this role, you will be responsible for identifying, analysing, and mitigating security weaknesses across our global digital infrastructure, ensuring the integrity and availability of our information systems.
Job Overview:
- Vulnerability Discovery & Scanning: Execute comprehensive, regular scans of networks, systems, and cloud applications using enterprise tools like Nessus, Qualys, or Rapid7.
- Analysis & Prioritisation: Analyse scan results to validate findings, perform root-cause analysis, and prioritise vulnerabilities based on risk and CVSS (Common Vulnerability Scoring System).
- Remediation Management: Collaborate with IT and development teams to drive remediation efforts, providing clear technical guidance on patching and secure configuration.
- Policy & Compliance: Develop and maintain vulnerability management procedures and ensure compliance with frameworks such as NIST (800-53), PCI DSS, and ISO 27001.
- Performance Monitoring: Track and report on key performance indicators (KPIs) such as Mean Time to Remediate (MTTR), scan coverage, and vulnerability age.
- Threat Intelligence Integration: Monitor emerging threats and exploits to adjust assessment techniques and alert stakeholders of high-priority risks.
- Automation: Develop custom scripts (Python, PowerShell, Bash) to automate scanning workflows and data normalisation across various security platforms.
Essential Technical Skills
- Core Tools: Advanced proficiency in Nessus, Qualys, Nexpose, OpenVAS, and Burp Suite.
- Infrastructure Knowledge: Deep understanding of TCP/IP protocols, OS hardening (Windows/Linux/Unix), and network security (firewalls, IDS/IPS).
- Scripting: Competence in Python, PowerShell, or Bash for task automation.
- Cloud Security: Experience with cloud environments (AWS, Azure, or GCP) and container security (Docker/Kubernetes).
- Reporting: Ability to translate complex technical findings into actionable, professional reports for both technical staff and executive leadership.
Required Qualifications & Certifications
- Information Security & Penetration Testing (7+ years).
- Ethical Hacking & Security Research
- Education: Bachelor's degree in Cybersecurity, Computer Science, or a related field.
- Certifications: At least one major certification is preferred:
- CompTIA Security+ or CySA+ (Foundational).
- Certified Ethical Hacker (CEH) (Technical).
- Offensive Security Certified Professional (OSCP) (Advanced Practical).
- CISSP or CISM (Management/Strategic).
