Senior Cyber Security Threat Engineer

Basic Information






IND Pune - Business Bay

Date published:


Job ID:


Travel Amount:


Description and Requirements

From core to cloud to edge, BMC delivers the software and services that enable over 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
BU Description:
You will need to have a strong knowledge and experience with vulnerability management and processes, network security, vulnerability scanning and configuration, along with Windows, Unix and Linux, cloud platforms, network devices such as firewalls, WAFs, IDS/IPS, etc. Along with your technical knowledge, attention to details and follow-up are core requirements to this role. 

This role will provide technical expertise across the entire life cycle of vulnerability management including asset management, scanning, threat intelligence, mitigating controls, analysis, and reporting. You will review vulnerabilities based upon footprint, threat intelligence and existing controls, in order to determine priority and risk ranking across the enterprise. You will be required to track and work with all support teams for patching and remediation across the enterprise and report to management status of patching deployments. 

The role requires the candidate to have experience in researching existing and newly emerging threats from various sources and determine impact and rating. You will work with all stakeholders, including infrastructure support groups, and businesses liaisons to prioritize patching and remediation efforts enterprise wide. 

Primary Roles and Responsibilities:

Collecting threat information from various sources including daily threat review meetings, identify the impact to BMC assets, and coordinate action plans with security teams, and other relevant stakeholders
Provide required escalation, prioritization, and visibility of threats based on impact analysis, and validate proper mitigation controls are in place until remediation activities are complete
Ability to collaborate extensively with assets owners to help them understand their vulnerabilities and assist them to develop remediation and mitigation strategies.
Provide regular reports to management on the overall threat management program, and act as the point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups.
Coordinate and monitor, management of vulnerabilities reported by third-party pen-tests, third-party monitoring tools, and from internal audits.
Provide leadership and direction on initiatives relating to information security and the Vulnerability Management Program. 
Develop, create, and drive current and new reporting methods of Intelligence analysis for the leadership team for purposes of situational awareness and making Intelligence actionable
Initiate, and lead a threat modelling, and threat hunting program within BMC

Experience/ Qualifications:
Bachelor’s/equivalent degree or higher in IT, CS, IS, with a focus in cyber security. Certifications a plus.
5+ years of experience in cyber security or information technology security role, with specialization in cyber threat intelligence
Demonstrated analytical skills to determine what threat and intelligence requirements can be gathered from what sources, what inferences or assumptions can be determined and project threat scenarios.
Strong understanding of network services, vulnerabilities and attacks. Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in configuration of web servers, file servers, and workstations
Previous experience working with SIEM technologies, threat hunting and pen-testing tools and technologies, and working with malware analysis
Strong written, communication and presentation skills along with the ability to work in a highly collaborative environment
Good understanding of information security threat landscape, and prior experience with threat modelling, and use of relevant tools and technologies
Generic understanding of security tools and services which operate at different levels delivering defence-in-depth capabilities. Knowledge of IDS/IPS, DNS, DCHP, DMZ architecture, Active Directory, Proxies, Cloud architecture technologies and VPNs to name a few. 
Demonstrated understanding of public cloud environments, vulnerability scanning and configuration in such environments
Understanding of the OWASP Top 10 vulnerabilities. Familiarity with 3rd party libraries and remediations
Candidates must be familiar with vulnerability attributes like CVEs, CVSS, and threat detection and hunting frameworks like MITRE ATT&CK framework.

Nice to Have
Understanding of IT security compliance frameworks like ISO, PCI, HIPPA, SOX
Identifies opportunities for process and technical security improvements in the environment.
Good deductive reasoning skills, creative thinker.
Analytical and detail-oriented individuals must have a passion for information security, creativity to identify gaps and initiative to find the appropriate solutions to fill needs 
It is the policy of BMC Software to afford equal opportunity for employment to all individuals regardless of race, color, age, national origin, physical or mental disability, history of disability, ancestry, citizenship status, political affiliation, religion, gender, transgender, gender identity, gender expression, marital status, status as a parent, sexual orientation, veteran status, genetic information or other factors prohibited by law, and to prohibit harassment or retaliation based on any of these factors. BMC never asks for payment from individuals seeking employment with the company.

If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.