Tech Lead Vulnerability Management

Job description

JOB ENVIRONMENT

With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio.

As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society.

To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders.

As an integral part of AXA, at AXA Group Operations (AXA GO) we create innovative technology and data solutions to help AXA fulfil its ambition of being a customer-focused, tech-led company.

AXA GO is a young and dynamic division launched in 2019 and comprises 8,000 employees across 17 countries all around the globe from Paris, France to Pune, India.

We are the ones providing advice, steering technological choices and giving AXA access to innovations that will support its transformation into a customer-centric tech-led company.

For this, we work in close partnership with all AXA entities.

PRESENTATION OF THE CONTEXT AND AXA GROUP SECURITY

Throughout AXA, the security community represents 1000 security professionals, working daily to protect our employees, customers, operations and brand.

Our operating model gathers the three security disciplines Information Security, Operational Resilience and Physical Security & Safety.

Our security mission is to ensure that AXA is safe, secure and resilient.

AXA Group Security, as part of AXA GO, defines the security strategy, standards and provides assurance to the Group on the security maturity of all entities across AXA.

In its role, it also supports our professional family in entities in maintaining their security posture and respond and coordinate responses to crisis.

This is accomplished through four strategic levers:

Safe: It is about our people, have them ready to face security challenges including third parties, health professionals

Secure: Secure the business of today and tomorrow, by increasing security effectiveness on a risk-based approach for all entities.

Resilient: Enhance anticipation, detection and reaction capabilities in case of events & Security by design

Simple: Simplify, converge and automate our services and activities

The Cyberdefense Product and project team is responsible for creating and updating the tactical product roadmap, managing the operations of the security products, in addition to enhancing product capabilities to execute the strategy defined by Group Security and deliver Cyber products to the AXA entities.

The Cyberdefense Product team oversees:

·The management and the evolution of existing class 1 (mandatory) products named Vulnerability Management and Compliance Management.

·A product is the combination of a Team, supporting information security Processes, operating a technology (Vulnerability and compliance scanning technology) and tools.

Our missions are to:

·support our business strategy and digital transformation, AXA is setting up a new information security practice to ensure a coordinated response to the increasing threat of cybersecurity in Cloud environment (Public and Private)

·The team performs and scheduling compliance and vulnerability scans on AXA network activity and infrastructure and generating reports to different teams (such as server admins, network administrators in order to mitigate scanned vulnerabilities).

Our goals are to:

·Deliver Security compliance measurement to AXA group

·Improve remediation activities using automation and technology

·Deliver high quality services to AXA group

POSITION MAIN ACTIVITIES

As Technical lead, you will

·Develop and adapt products vision and roadmap in collaboration with the product manager and by discussing with customer / end-users

·Contribute to the product backlog delivery, such as new feature and improvement, its delivery and its quality

·Manage and optimize on a day-to-day basis AXA global vulnerability management platform

·Lead major product and platform evolutions to support Security Operation Center (SOC) and Vulnerability Operation Center (VOC)

·Lead “proof-of-concept” and represent AXA as a leading business partner with our third parties/vendor

·Help evaluate business value and benefits of technical features

·Determine whether a technical backlog item was satisfactorily delivered

·Contribute to the day-to-day LOA (run) activities, leading by example

·Ensure a high level of Quality-of-service (QoS) for AXA internal customers

·Be a leader for the team and for AXA in term of expertise on the product technology and IS security process, aka Vulnerability management

·Ensure transparency into the upcoming work of the team

·Involve all relevant stakeholders (architecture, entities, security, data privacy etc.) to ensure technical feasibility

·Coordinate internal resources and third parties/vendors for the flawless execution of projects

·Raise alert and identify solution to ensure on time delivery

·Evangelize within and outside AXA about the solutions you develop and market them accordingly

·Regular reporting of progress, risks, and issues towards the product manager and other stakeholders

·Participate to Product governance and meetup

Team structure: The team is led by one Product manager, and 4 people (FTE) for the LOA (run) activity and about 3-4 people part of the team on dedicated strategic project.

We are looking for a team member that will support Cyberdefense Product manager as technical lead role.

One of our target is to stay at the “state of art” of security while helping the team to be more agile.

Experience

·Hands-on experience with vulnerability management tools ( Kenna, Tenable, Qualys, Vulcan, Hackuity etc.)

·Experience in implementing Hardening controls based on Security Industry Standards, such as CIS Benchmarks.

·Experience in Private and Public Cloud Security 

·Understanding of Workload Protection, including Servers, Workstation, Containers

·Experience using an ITSM tool such as ServiceNow

·Strong fundamentals in networking protocols and troubleshooting

·Knowledge of hacking techniques, cyber threats and security trends

Education 

·Post-graduate degree in IT or a closely-related subject to IS Security.

Certification

·A certification in relation with Vulnerability Management is highly desired

·ISC² CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional)

Overall work experience in the fields

·Experience in Security > 3 years (required)

·Experience in Security product day-to-day management (required)

Skills

·Work on maturing vulnerability management & Compliance program services and processes

·Develop and improve KPIs, metrics, and trend analysis for vulnerability management features

·Take part of the implementation and operational best practices while taking ownership of tasks and/or project workstreams

·PowerShell and Python scripting skills

·Analytical thinking, time management and coordination skills

Language

·Fluent in English is a necessity (including technical Information security English)

Would youlike to wake up every day driven and inspired by our noble mission and to worktogether as one global team to empower people to live a better life?

Hereat AXA we strive to lead the transformation of our industry.

We are looking fortalented individuals who come from varied backgrounds, think differently andwant to be part of this exciting transformation by challenging the status quoso we can push AXA - a leading global brand and one of the most innovativecompanies in our industry - onto even greater things.

In afast-evolving world and with a presence in 64 countries, our 166,000 employeesand exclusive distributors anticipate change to offer services and solutionstailored to the current and future needs of our 103 million customers.

At AXA, welead an HR policy that encourages diversity, maintains your professional andprivate life balance and accelerates the skills and career development:promotion of diversity, remuneration policy, training device, ...

Discovereverything that makes AXA an employer of choice.

Whateveryour job is, we strive to offer you career opportunities.

Our goal is todevelop your skills to support the transformation of our changing business.

Required Skill Profession

Computer Occupations