Vulnerability Analyst – 12 month fixed term contract
January 19, 2021
Summary of Role
12 month fixed term contract, with possibility to extend further.
The Junior Vulnerability Analyst will be responsible for operating the vulnerability scanning toolset, reviewing the output and applying analysis to provide a reduction of risk to the business, compliance with regulatory and customer obligations. Analysis will include identifying trends & patterns, advising on remediation approaches to provide appropriate timely remediation, and tracking remediation progress.
The role will work as part of a team who are focused on reducing the risk posed by vulnerabilities across the business. They will also work with people across the business who are responsible for remediating the identified vulnerabilities.
We are looking for a collaborative team player, with enthusiasm and technical knowledge in this area. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top down support across the business.
- Review and analyse vulnerability data to identify trends and patterns, and link asset and vulnerability data
- Advise those responsible for remediation to enable the quickest reduction of risk
- Operate processes and procedures to uphold and ensure compliance with applicable policies & standards
- Operate the Vulnerability Management process including applicable change control, and security exceptions
- Produce, review and distribute consumable, relevant and actionable reporting
- Work with other security teams such as Global SOC and Threat Intelligence to identify elevated risks & recurring patterns and propose strategic actions to reduce risk.
- Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that vulnerabilities are understood and appropriately addressed.
- Strong work ethic and ability to self-manage tasks, workloads, priorities, and deliver outcomes, request support or direction when needed, and provide suggestions and improvements.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organisational mission, values, and goals and consistent application of this knowledge
- Technical expertise in frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP
- Experience in technical solutions such as vulnerability management tooling and Vulnerability remediation tools & techniques
- Skilled with system security principles (operating systems, applications) and Network principles
- Relevant vendor certifications
- (ISC)2 SSCP
- CompTIA Security+
Equal Opportunity Employer