We have an exciting new opportunity for a Vulnerability Management (VM) Senior Analyst to join our Threat and Vulnerability Management (TVM) team. As a Vulnerability Management Senior Analyst, you will be responsible for performing key processes and technology for vulnerability scanning, management, remediation and tracking. You will also have responsibility for refining and expanding these processes and mechanisms for threat and vulnerability management.
Apply today via the link below or contact Cathie.McNeill@aoshearman.com for more information.
About the team
The firm’s ability to keep our clients’ data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world’s large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.
Led by our new CISO, Yolande Young, the in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman’s strategy to lead where global complexity creates opportunity.
In addition, you will have the opportunity to share and gain intel from the firm’s cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feedback practical lessons learned into clients’ cyber risk management and incident response programmes.
What you will do
Vulnerability Analysis & Risk Assessment
1. Analyse and validate identified vulnerabilities using existing tools and data sources, while proactively identifying new sources of intelligence.
2. Assist in confirming false positives.
3. Assess and categorise risks associated with vulnerabilities based on the potential impact to systems within the firm’s environment.
4. Evaluate, track, and review risk exceptions related to vulnerabilities which cannot be remediated, and advise on mitigating controls for such vulnerabilities.
Remediation & Collaboration
5. Oversee and track remediation efforts to ensure alignment with defined vulnerability management objectives and timelines.
6. Collaborate with the Security Operations Centre (SOC) and patch management teams to respond swiftly to zero-day vulnerabilities and critical threats.
7. Contribute to the management of process for remediating and mitigating zero-day vulnerabilities.
8. Support technology teams and asset owners in remediation activities, providing expert guidance on mitigation strategies and validating the effectiveness of implemented solutions.
Reporting & Governance
9. Design and maintain workflows, dashboards, reports, and configurations within vulnerability management tooling to support visibility and decision-making.
10. Contribute to the development, maintenance, and improvement of end-to-end vulnerability management policies, strategies, process flows, procedural documentation, and operational playbooks.
11. Ensure vulnerability management processes are maintained continuously, even in periods of change freeze.
12. Conduct regular analysis and reporting against KPIs and KRIs for vulnerability management, supporting operational and executive reporting activities.
13. Champion information security across the organisation and drive an evolved culture of risk awareness and mitigation.
Tools & Platform Management
14. Manage platform updates, releases, and enhancements, including conducting appropriate testing such as user acceptance testing (UAT) to ensure stability and functionality.
15. Design, configure, maintain, and test the firm’s vulnerability management tooling.
16. Monitor and report on the completeness of vulnerability management tooling coverage across the firm’s IT estate.
17. Conduct research and analysis on emerging vulnerabilities to understand potential exploitation paths within the system landscape and support prioritisation of remediation efforts.
18. Develop and deliver training materials and presentations on vulnerability management best practices.
What you will have
19. Strong understanding of security threat vectors and methods.
20. Excellent communication skills, including both written and verbal, with a good ability to work collaboratively with colleagues across the business.
21. Highly analytical person with ability to understand data flows, perform assessments, and infer conclusions.
22. Experienced vulnerability management background.
23. Operational level experience in some of these domains
Vulnerability scanning
Vulnerability management
Vulnerability remediation.
24. Experience of configuring, maintaining, and operating security toolsets, such as SIEM, SOAR and/or vulnerability management tools such as Nessus, Tenable or Qualys.
25. Strong understanding of the vulnerability landscape, security threats and compromise methods.
26. Extensive experience working in vulnerability management, security testing/assessment, or related field.
27. Experience with industry-standard security frameworks (e.g. ISO 27001).
28. Communication skills and ability to work collaboratively with colleagues to achieve a common security mitigation goal.
29. A willingness to learn and develop both technically and personally in the role.
30. A genuine passion for continuous learning and development in cybersecurity and vulnerability management, staying up to date with the latest developments, trends, and technologies in the field.
You will stand out if you bring
Professional security certifications such as:
31. Certified Ethical Hacker (CEH),
32. Certified Penetration Tester (CPT),
33. Certified Expert Penetration Tester (CEPT),
34. CompTIA+, or
35. Certified Information Systems Security Professional (CISSP).
36. Bachelor's or Master’s degree in Information Security, Computer Science, Engineering, Technology, or a similar degree.
What we can offer you
We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, online discounts and lifestyle management services.
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.