Vulnerability Manager

As a central player in the digital transformation of the Belgian French-speaking public sector, ETNIC is involved in a variety of areas such as:

IT infrastructure management (networks, security, data centers, cloud),

The development of tailor-made business applications,

Support for digital projects (functional analysis, UX/UI, project management),

Cybersecurity and data protection,

User support and training.

With a constant concern for innovation, performance and public service, ETNIC regularly collaborates with external partners to strengthen its teams through IT consulting missions. These collaborations are part of an ethical, professional framework and oriented towards the quality and concrete impact of the solutions delivered.

2. Mission

1. Context of the mission

As part of the strengthening of the cybersecurity posture, ETNIC wishes to enlist the services of a Vulnerability Manager consultant.

The target environment is based on the ServiceNow – Vulnerability Response tool, used as a central vulnerability management tool, in integration with external scanners (including Rapid7).

2. Objectives of the mission

The mission of the Vulnerability Manager consultant aims to:

Sustainably improve the reduction of critical vulnerabilities, especially on Linux, Windows, Middleware, and network environments

Strengthen managerial visibility on detected vulnerabilities, their assignment and their treatment

To make the use of ServiceNow Vulnerability Response more reliable and structured as a single repository

Address organizational and operational irritants identified in current processes (delays, exceptions, detection noise, responsibilities)

3. Scope of the mission

The consultant is involved in the transversal management of vulnerability management, covering in particular:

server environments (Linux, Windows),

Middleware components, databases, applications and associated infrastructures,

Remediation, follow-up, and exception processes within ServiceNow.

The mission is not limited to operational patching, but aims at steering, coordinating and continuously improving the system.

4. Key Responsibilities

Based on the roles and processes documented within ETNIC, the Vulnerability Manager consultant is responsible for:

4.1 Steering and governance

Ensure a global vision of the risk posture related to vulnerabilities;

Monitor the status of active vulnerabilities, their criticality and their evolution over time;

Ensure alignment with existing organizational policies and procedures

4.2 Gestion via ServiceNow Vulnerability Response

Exploiter et structurer l’utilisation de ServiceNow Vulnerability Response :

Vulnerable elements,

Remediation tasks,

Exception management,

Managerial dashboards

Improve the quality and relevance of data from integrated scanners (e.g. Rapid7).

4.3 Coordination of actors

act as a cross-cutting coordination point between:

Technical teams (Linux, Windows, middleware, etc.),

Vulnerability analysts, security team

ITIL managers: CMDB, changes, incidents...

Remediation managers;

Serve as an escalation point when blockages appear in processing processes

4.4 Continuous Improvement

Analyze the identified irritants:

Recurrent or generic vulnerabilities,

Discrepancies between publisher versions and OS versions (especially Red Hat libraries),

Pollution related to stored but unused components;

Propose process improvements, without unilateral changes to existing tools or rules.

5. Expected deliverables

The deliverables expected from the consultant include:

Consolidated monitoring dashboards for management;

Situation reports on critical and off-target vulnerabilities;

Recommendations for improving vulnerability management processes;

Documentation to support the appropriation of ServiceNow Vulnerability Response.

6. Skills and expected profile

The consultant will have to demonstrate:

Proven experience in vulnerability management in complex environments;

Mastery of Vulnerability Management / Vulnerability Response processes;

Ability to work with tools such as ServiceNow Vulnerability Response and vulnerability scanners; Prior knowledge is an asset

A strong aptitude for cross-functional coordination and managerial reporting.

7. Positioning in the organization

The Vulnerability Manager consultant is involved:

Within the Infrastructure department, in support of the Middleware, Servers, Telecom competence centers

In coordination with the team that manages the NIS2 file within Etnic

In coordination with the ITIL team that manages the ServiceNow platform, exchange management (RFC) and monitoring