AddressLocation: UK - Nottingham | Job-ID: 207246 | Contract type: Standard | Business Unit: Cyber Security
Life on the team
The Vulnerability Governance Analyst role will manage processes to detect, prevent and correct vulnerabilities to devices in a customer’s environment. The SC-cleared analyst will aim to mitigate business risks arising from both regulatory & security noncompliance.
What you’ll do
- Integrate with customer and third-party security operations centre reporting as well as integration with security incident procedures • Build, manage and update Vulnerability Lifecycle Management Product Lists (VLMPLs) for all supported customers
- Responding to and helping to co-ordinate the response to Major Vulnerability incidents
- Sending out notifications and communications related to security vulnerabilities that affect multiple technologies
- Creation and ownership of vulnerability incidents – providing a “Start to Finish” level of incident management
- Proactive identification of vulnerabilities
- Provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions
- Establishing good practice vulnerability treatment throughout the customer estate, this includes implementing policy, hardening, patching and fixes of all supported technology
- Working closely with technical and non-technical teams to coordinate changes and any emergency patching work that is required
- Proactively identify vulnerabilities and provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions • Evaluate vulnerabilities across multiple technologies that correlate with the VLMPLs
- Occasional site visits to meet stakeholders and to improve customer relationships
- Provide professional, business friendly communications, translating complex matters for various audiences
- Research the latest information technology security bulletins for Microsoft products and 3rd party applications
- Provide a repeatable process for assessing vulnerabilities detected through multiple sources within a business context, determining recommendations for how the vulnerabilities should be treated and reporting these to business stakeholders.
- Creation of Security improvements which would be managed via SIP plans to ensure security threats and vulnerabilities are appropriately identified and managed
- Perform validation and closure activities on completion of corrective mitigation actions
- Pro-actively logging incidents and changes to carry out remediation work and repeated security changes
What you’ll need
EssenIt is essential for a Vulnerability Governance analyst to have valid and existing SC clearance
- Knowledge/Understanding of operating systems and software security vulnerabilities
- Pro-active in finding solutions to problems and security improvements across customer’s environments
- Confident in co-ordinating mitigation actions across multiple resolver teams as well as presenting reports to business stakeholders such as Delivery Leadership
- Ability to work effectively as part of a team
Desired Skills
- Knowledge/Understanding of vulnerability management tools such as Tenable, Qualys VMDR or Microsoft Defender
- Awareness of: - Security best practice (ITIL, COMPTIA)
- - IT security and software vulnerabilities
- Experience in performing data analysis
- Experience in using PowerBI
About us
With over 20,000 employees across the globe, we work at the heart of digitisation, advising organisations on IT strategy, implementing the most appropriate technology, and helping our customers to source, transform and manage their technology infrastructure in over 70 countries. We deliver digital technology to some of the world’s greatest organisations, driving digital transformation, enabling people and their business.
