Expert: Cybersecurity, Vulnerability Operations Center (VOC)

Key Job Responsibilities: VOC - VI (Vulnerability Intelligence), ASM (Attack Surface Management) & VM (Vulnerability Management) Expert.

Environment / Context

Saint Gobain, world leader in the habitat and construction market, is one of the top 100 global industrial groups. Saint-Gobain is present in 68 countries with 171 000 employees. They design, manufacture and distribute materials and solutions which are key ingredients in the wellbeing of each of us and the future of all. They can be found everywhere in our living places and our daily life: in buildings, transportation, infrastructure and in many industrial applications. They provide comfort, performance and safety while addressing the challenges of sustainable construction, resource efficiency and climate change

Saint-Gobain GDI Group (250 persons at the head office, including 120 that are internal) is responsible for defining, setting up and managing the Group's Information Systems (IS) and Telecom policy with its 1,000 subsidiaries in 6,500 sites worldwide. The GDI Groupe also carries the common means (infrastructures, telecoms, digital platforms, cross-functional applications).

INDEC, the IT Development Centre of Saint-Gobain, is an entity with a vision to leverage India’s technical skills in the Information Technology domain to provide timely, high-quality and cost-effective IT solutions to Saint-Gobain businesses globally.Within the Cybersecurity Department, the Cybersecurity Vulnerability Operations Center mission is to Identify, assess and confirm vulnerability and threats that can affect the Group. The CyberVOC teams are based out of Paris and Mumbai and consist of skilled persons working in different Service Lines.

Mission

We are seeking a highly experienced cybersecurity professional to serve as an VOC Expert supporting the Vulnerability Intelligence (VI), Attack Surface Management (ASM), and Vulnerability Management (VM) teams. This role is pivotal in shaping the strategy, defining technical approaches, and supporting day-to-day operations—particularly complex escalations and automation efforts.

The ideal candidate will combine technical mastery in offensive security with practical experience in vulnerability lifecycle management and external attack surface discovery. The expert will act as a senior advisor and technical authority for the analyst teams, while also contributing to the design, scripting, and documentation of scalable security proceess.

The VOC Expert is responsible for:
• Vulnerability Intelligence (VI)
• Drive the qualification and risk analysis of newly disclosed vulnerabilities.
• Perform exploit PoC validation when needed to assess practical risk.
• Maintain and enhance the central VI database, enriched with (EPSS, CVSS, QVS, SG-specific scoring models, and EUVD)

Define and automate workflows for:
• Vulnerability qualification, exposure analysis, and prioritization
• Ingestion of qualified vulnerability data into the enterprise Data Lake
• Collaborate on documentation of VI methodology and threat intelligence integration
• Support proactive communication of high/critical vulnerabilities to asset and application owners

Attack Surface Management (ASM):
• Operate and enhance external asset discovery and continuous monitoring using ASM tools
• Integrate asset coverage data from CMDB, and other internal datasets

Design and implement scripts for:
• WHOIS/ASN/banner correlation Data enrichment and alert filtering
• Deploy and maintain custom scanning capabilities (e.g., Nuclei integrations)
• Provide expert input on threat modeling based on exposed assets and external footprint

BlackBox Pentesting:
• Maintain the service delivery of the BlackBox Pentesting platform
• Automate the export of pentest data and integrate into Data Lake and Power BI dashboards
• Define and document onboarding workflows for new applications
• Actively guide analysts in prioritizing pentest requests and validating results.

Vulnerability Management:
• Vulnerability review, recategorization, and false positive identification
• Proactive vulnerability testing and replay
• Pre-analyze and consolidate vulnerability data from various scanning tools
• Prepare concise syntheses of available vulnerabilities
• Offer guidance to the SO and CISO on vulnerabilities
• Collaborate with key stakeholders to develop strategies for vulnerability management
• Assist in defining vulnerability management KPIs and strategic goals
• Prepare concise, actionable summaries for high-risk vulnerabilities and trends

Automate testing actions:
• Develop scripts and tooling to automate repetitive and complex tasks across VI, ASM

and VM. Implement data pipelines to sync outputs from ASM/VI tools to dashboards and reporting

engines. Design streamlined workflows for vulnerability lifecycle—from detection to

closure. Collaborate with both offensive and defensive teams to support App managers and Asset managers in remediating vulnerabilities and issues.

Skills and Qualifications:
• Bachelor's degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus
• Proven experience (10+ years) working within the Cybersecurity field, with a focus on offensive security, vulnerability intelligence and attack surface analysis.
• Proven experience on Penetration testing actions (web application, infrastructure, …)
• Proven expertise in: CVE analysis, exploit development/validationExternal asset discovery & mapping

Threat modeling and prioritizationAdvanced knowledge of tooling such as:
• ASM platforms Nuclei, Shodan, Open Source CTI, vulnerability scanners (Qualys, Tenable, …)
• Pentester tools (Burp, SQLmap, Responder, IDA and Kali environment)
• Experience in investigating newly published vulnerabilities, assessing their risks, severity.
• Strong scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization
• Experience with Pentester tools (Burp, SQLmap and Kali environment)
• Strong technical skills with an interest in open-source intelligence investigations
• Experience building dashboards in Power BI or similar tools.
• Familiarity with data lakes, API integrations, and ETL processes.
• Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins
• Excellent writing skills in English and ability to communicate complicate technical challenges in a business language to a range of stakeholders.

Personal Skills:
• Has a systematic, disciplined, and analytical approach to problem solving with Thorough leadership skills & experience
• Excellent ability to think critically underpressure
• Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders
• Willingness to stay updated with evolving cyber threats, technologies, and industry trends
• Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures

Additional Information:
• The position is based in Mumbai (India)