Careers at TMF Group

Wherever you’re based and whatever your role at TMF Group, one thing’s for certain: you’ll be part of a truly diverse, global business and benefit from the many advantages that brings.


Vulnerability & Patch Management Lead

Job no: 571685
Work type: Full time
Location: Noida, India, India
Categories: Information Technology
Office Location: Noida

We never ask for payment as part of our selection process, and we always contact candidates via our corporate accounts and platforms. If you are approached for payment, this is likely to be fraudulent. Please check to see whether the role you are interested in is posted here, on our website.



About TMF Group

TMF Group is a leading global provider of high-value business services to clients operating and investing globally. We focus on providing specialized and business-critical financial and administrative services that enable our clients to operate their corporate structures, finance vehicles and investment funds in different geographical locations.

TMF India is a Great Place to Work, ISO & ISAE certified organization.

 

About the Role

Vulnerability & Patch Management Lead

As a Vulnerability & Patch Management Lead, you will play a crucial role in safeguarding our organization’s digital assets. Your primary responsibility will be to identify and address vulnerabilities and patches across our networks, security devices, endpoints, operating systems, databases, middleware software, and applications. You’ll work closely with external vendors and internal IT teams to assess risks, mitigate vulnerabilities, and ensure compliance with industry standards. Additionally, you’ll be instrumental in shaping our security policies, processes, and guidelines.

Key Responsibilities:

  1. Govern the inventory of all software, hardware, and systems within the organization and assess them for vulnerabilities through regular scans.
  2. Conduct vulnerability assessments using both commercial and open-source tools (such as Tenable, AWS, Microsoft, BurpSuite, Metasploit, SonarQube, and Checkmarx) for both cloud-based and on-premises systems.
  3. Collaborate with external vendors to perform comprehensive penetration testing to identify potential weaknesses.
  4. Collaborate with IT teams to enable and track proactive defense mechanisms such as patch management and ensure compliance and system security.
  5. Work closely with internal IT teams to remediate vulnerabilities promptly and effectively.
  6. Analyze scan reports and suggest remediation/mitigation plans.
  7. Analyze and track mitigation efforts, ensuring timely closure of identified vulnerabilities.
  8. Write reports on vulnerability findings, including recommended remediation steps.
  9. Develop and maintain security policies, processes, and guidelines related to vulnerability management.
  10. Ensure timely delivery of status updates and final reports to clients and handle queries.
  11. Ensure compliance with industry standards (CIS, NIST, ISO) and meet SLAs (Service Level Agreements) for vulnerability management.
  12. Provide leadership by guiding the team and fostering a culture of security awareness.
  13. Utilize your critical thinking skills to review findings and recommend appropriate actions.
  14. Leverage data analytics and tools like Power BI to gain insights into vulnerability trends and patterns.

Key Requirements:

  • Ability to lead and collaborate effectively with cross-functional teams.
  • Keen eye for detail and the ability to assess risks objectively and identify security gaps and potential risks.
  • Proficiency in analyzing security data trends and drawing meaningful conclusions.
  • Familiarity with using Power BI for data visualization and reporting.
  • In-depth understanding of Common Vulnerabilities and Exposures (CVE), CVSS and CERT advisory database.
  • Participate in internal and external audits, present the findings related to VAPT, report on progress, and answer specific queries.
  • Provide technical expertise and advice on multiple areas of security technology, including network security, platform security, authentication/authorization systems, application security, and security frameworks.
  • Participate in and/or lead cross-functional major incident escalations to minimize service disruption and ensure continuity of service.
  • Analytical thinker willing to “think outside the box” to resolve customer-impacting situations on first contact; understand customer risk profile.
  • Keep track of new and existing vulnerabilities on various network security devices and applications for different vendors.

Key Knowledge and Experience:

  • Vulnerability Management: Demonstrated expertise in risk-based vulnerability management with integrated threat intelligence.
  • Vulnerability Assessment Tools: Experience with tools like Tenable, AWS, Microsoft, BurpSuite, etc.
  • Reconnaissance and Discovery Tools: Experience with tools like Amass, Nmap, Masscan, ZMap, DOMLink, recon-ng, etc.
  • Penetration Testing Tools: Familiarity with Metasploit and other ethical hacking tools.
  • Security Standards: Knowledge of CIS, NIST, and ISO security benchmarks.
  • Cloud Security: Experience in securing cloud environments (e.g., AWS, Azure).
  • Reporting and Documentation: Ability to write clear and concise reports.
  • Automation: Familiarity with building scalable automation for security tasks.
  • Improved Accuracy: Familiarity with threat intelligence and threat-hunting capabilities to make informed security decisions.
  • Scripting Languages: Proficiency in languages such as Ruby, Go, and Python.
  • Threat Intelligence: Knowledge of threat intelligence sources and practices.
  • Bug Bounties: Experience with vulnerability disclosure and bug bounty programs.
  • Certifications: CEH, CPT, OSCP, SANS GWAPT, CISSP preferred.

Years of Experience:

  • 10-12 years of relevant experience in vulnerability/patch management and penetration testing.

This role is critical for maintaining our organization’s security posture, and we’re looking for someone who can drive excellence in vulnerability management.

 

What's in it for you?

Pathways for career development

  • Work with colleagues and clients around the world on interesting and challenging work.
  • We provide internal career opportunities, so you can take your career further within TMF.
  • Continuous development is supported through global learning opportunities from the TMF Business Academy. 

Making an impact

  • You’ll be helping us to make the world a simpler place to do business for our clients.
  • Through our corporate social responsibility program, you’ll also be making a difference in the communities where we work. 

A supportive environment

  • Strong feedback culture to help build an engaging workplace.
  • Our inclusive work environment allows you to work from our offices around the world, as well as from home, helping you find the right work-life balance to perform at your best.

Other Benefits

  • Marriage Gift policy
  • Paternity & Adoption leaves
  • Interest free loan policy
  • Salary advance policy
  • Covid support taskforce
  • Well-being initiatives

Advertised: India Standard Time
Applications close: India Standard Time
