Senior Application Specialist

Responsibilities: • Analyze vulnerability scan results from Qualys and security advisories to identify CVEs across Windows, Linux, Oracle Database, WebLogic, IIS, Apache, and cloud-hosted environments. • Perform CVSS-based risk assessment using exploitability data, asset criticality, and threat context to prioritize remediation. • Drive remediation of OS, middleware, database, and application vulnerabilities with infrastructure and application teams to meet remediation SLAs. • Track vulnerability lifecycle including closure validation, exception handling, and risk acceptance. • Identify and manage End-of-Life (EOL) technologies and define remediation or migration actions. • Analyze security logs and events from Splunk, NXLog, Microsoft Defender ATP, and system/application logs to detect anomalies and security issues. • Investigate incidents such as malware execution, phishing attempts, unauthorized access, and privilege misuse; perform root cause analysis. • Build and tune Splunk dashboards, correlation rules, and alerting logic for security and operational use cases. • Implement Data Loss Prevention (DLP) monitoring and reporting using SIEM-based analytics. • Perform privileged access reviews using CyberArk and SailPoint IdentityIQ, including entitlement validation and SoD checks. • Execute access remediation actions and enforce least privilege controls. • Implement and validate security controls aligned with MAS TRM, ISO 27001, NIST CSF, and SOX ITGC. • Provide audit evidence for vulnerability management, access governance, and control effectiveness. • Participate in CAB assessments for infrastructure, database, application, and cloud changes with focus on security impact. • Assess security risks in OS upgrades, database upgrades, and cloud migration activities (Azure / hybrid environments). • Coordinate patch deployment across Windows, Linux, and Unix environments and validate remediation through rescan verification. • Support DR testing, failover validation, and recovery verification for enterprise applications. • Develop automation scripts using PowerShell, UNIX Shell, SQL, Oracle PL/SQL, and SQLcl for vulnerability tracking, log extraction, and reporting. • Manage batch and job scheduling using CA Workload Automation and MFT tools (Connect, SFTP). • Work with Oracle, SQL Server, MySQL, and MongoDB environments for vulnerability validation, access checks, and configuration review. Requirements: • Bachelor's degree in computer science, Information Technology, Cybersecurity, or related discipline. • Min 10 years of experience in Application Support, Vulnerability Management, or Security Operations in BFSI environments. • Hands-on experience with Qualys, Splunk, Microsoft Defender ATP, CyberArk, and SailPoint IdentityIQ. • Strong experience in CVE lifecycle management, patch governance, and vulnerability remediation in enterprise environments. • Experience working with MAS TRM, ISO 27001, NIST CSF, and SOX ITGC controls. • Experience supporting Windows, Linux, UNIX, Oracle, WebLogic, IIS, and Azure/hybrid infrastructure. • Strong scripting skills in PowerShell, UNIX Shell, SQL, and Oracle PL/SQL. • Experience with Managed File Transfer (MFT), Connect, and enterprise job scheduling tools. • Understanding of MITRE ATT&CK and Cyber Kill Chain methodologies. • Experience supporting enterprise database platforms (Oracle, SQL Server, MySQL, MongoDB). • Professional certifications such as CISSP, CISM,CRISC, CompTIA Security+, or ISO 27001 Lead Implementer/Lead Auditor will be anadvantage