Job Summary: (Have to be based in Belgium)

We are seeking a highly skilled and experienced Senior IT Security Consultant, specializing in Vulnerability Management, to join our team at a leading pharmaceutical company. The ideal candidate will have a minimum of 5 years of experience in the field, a Bachelor's degree, and a deep understanding of vulnerability management processes and tools. You will manage and configure the Qualys environment and be responsible for driving the identification and management of vulnerabilities in UCB's systems together with the VM analysts. This role involves overseeing and assisting in various projects such as CIS benchmarks, VM automation, secure configurations (ESXi, Database, MS Defender), and firewall reviews.

Key Responsibilities:

1. Manage and Configure Qualys Environment:

   • Ensure effective vulnerability management by configuring and maintaining the Qualys environment.
   • Monitor and optimize vulnerability scanning processes.

2. Collaborate with VM Analysts:

   • Work closely with vulnerability management analysts to identify, assess, and prioritize vulnerabilities in UCB's systems.
   • Assist in developing remediation plans and tracking progress.

3. Run and Oversee Vulnerability Management Program & Campaigns:

   • Ensure timely and effective communication with IT stakeholders for patching, remediation, and lifecycle management.
   • Create detailed reports and dashboards to communicate effectively with stakeholders.

4. Drive and Assist in Various Security Projects:

   • Implement CIS benchmarks to enhance security posture.
   • Automate vulnerability management processes to streamline identification and remediation through basic scripting and APIs.
   • Ensure secure configurations for Windows, Linux, ESXi, databases, Microsoft Defender.
   • Conduct thorough firewall reviews to validate rule sets.

5. Stay Informed:

   • Keep up-to-date with industry best practices, emerging threats, and security trends.
   • Apply this knowledge to improve vulnerability management practices.

6. Provide Expertise and Guidance:

   • Offer insights on vulnerability management strategies, tools, and techniques.
   • Collaborate with cross-functional teams to enhance overall security.

7. Risk Assessments and Documentation:

   • Participate in risk assessments and security audits.
   • Develop and maintain documentation related to vulnerability management processes.
   • Document changes following ITIL best practices and work closely with compliance teams.

8. Continuous Improvement:

   • Act as a subject matter expert in vulnerability assessment tools.
   • Continuously optimize and refine vulnerability management processes.

Minimum Required Qualifications:

• Bachelor's degree in Computer Science, Information Systems, or a related field.
• Minimum of 5 years of experience in vulnerability management, including vulnerability assessments and penetration testing.
• Proficiency in Qualys VMDR, Microsoft Defender (TVM), and BitSight.
• Experience with basic scripting, API work, and automation.
• Knowledge of Power BI or other dashboarding/reporting tools.
• Familiarity with CIS benchmarks, secure configurations (Windows, Linux, ESXi, databases, defender), Azure, and containers.
• Familiarity with CVE, CVSS, EPSS.
• Experience with BMC Helix CMDB/ticketing system is a plus.
• General cybersecurity knowledge.
• Experience with common network protocols, operating systems, and application architectures.

Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work effectively in a team environment and independently.
• Familiarity with working in a validated (pharma-compliance requirements) system environment (e.g., ITIL change management processes and change management tools, documentation of work and system configuration).
• Ability to translate technical items (vulnerabilities, CVEs, exploits) and their impact on systems into easy-to-understand remediation tasks.
• Ability to document, keep track, and follow up on remediation efforts.

Certifications:

• Qualys certification and other relevant security certificates like CISSP, CEH, CISA are preferred.