About the Role
Working in the Information Security team, you will focus on Vulnerability and Threat Management across the Next technology estate, with a particular focus on our Warehouse environment and the technology utilised within it, helping to maintain an awareness of new and emerging security threats and trends.
As a Senior Vulnerability Management Engineer you will:
* Identify, assess, validate and communicate new vulnerabilities across the technical teams, ensuring the vulnerability management process is followed.
* Work with other IT teams to provide guidance and recommend mitigation strategies for vulnerabilities.
* Help manage and configure vulnerability scanning and reporting tools, and administer Next’s Bug Bounty programme.
* Create reporting to summarise findings and recommendations for a variety of audiences.
* Lead the review of incoming threat intelligence, assess relevance and severity, and provide reports to senior stakeholders.
* Collaborate with Incident Response and Engineering to identify threat actors’ tactics and techniques; propose and support countermeasures.
* Mentor less experienced team members and coordinate efforts to mitigate significant threats or vulnerabilities.
* Participate in a shift rota and attend the Enderby Head Office in Leicester monthly.
Key Responsibilities
* Manage and maintain vulnerability scanning and risk reporting tools.
* Lead planning, estimation, scoping and delivery of key projects, ensuring clear communication of progress.
* Complete security assessments and debrief key stakeholders on any apparent risks.
* Support remediation teams with remediation strategies and triage, risk assessment, logging and assignment of vulnerabilities.
* Assist Incident Response team with investigation and resolution of security incidents when required.
* Create and maintain operational procedures, configuration and technical documentation to a high standard.
* Manage and maintain metrics and reporting to demonstrate the effectiveness of the vulnerability management programme.
* Serve as subject‑matter expert for the Vulnerability Management team and coordinate efforts during emergency remediation or mitigation.
* Maintain awareness of new and emerging security threats and trends; test/validate threat intelligence findings against our people, processes and technologies.
* Review threat intelligence and advise on recommended mitigation strategies.
* Act as a mentor for junior members of the Vulnerability Management team.
About you
* Experience managing and maintaining a Vulnerability Management tool.
* In‑depth understanding of Information Security including malware, emerging threats, attacks and vulnerability management.
* Proven Information Technology experience with a strong understanding of network protocols and server infrastructure, including network segmentation.
* Experience with Windows Server and/or Linux.
* Ability to take a lead role in coordinating the timely diagnosis and resolution of major issues.
* Adheres to and promotes high standards of work.
* Understands and operates change management.
* A team player who is hardworking and self‑motivated.
* Possesses an inquisitive and proactive approach to identifying security gaps.
* Ability to plan and prioritise workloads, and to measure and report on current progress.
* Ability to remain calm under pressure and communicate clearly to all levels of management.
* Excellent attention to detail.
* Understanding of vulnerability and threat assessment frameworks such as CVSS, CVE, CWE, OWASP, MITRE.
* Operational Technology (OT) management experience in vulnerability scanning.
* Competent at keeping up to date on cyber threat intelligence (CTI).
Desirable
* Experience with security or compliance standards such as PCI‑DSS or ISO27001.
* Understanding and experience working for a Retail company.
* Foundational understanding of cloud‑based infrastructure.
* Relevant industry‑recognised security qualification.
* Understanding of DevOps architecture and code scanning.
* Offensive security experience.
* Experience managing SCADA/PLC systems and controlling warehouse equipment.
* Experience managing a Threat Intelligence Platform (TIP).
* Experience with Custom AI usage.
About Us
Next is a FTSE‑100 retail company employing over 35,000 people across the UK and Ireland. We’re the UK’s 2nd largest fashion retailer and, for kidswear, we’re the market leader. We operate over 500 stores as well as Next Online, and we have expanded to more than 70 countries worldwide.
We aim to support all candidates during the application process and are happy to provide workplace adjustments when necessary. If you need support with your application due to a disability or long‑term condition, please contact us by email at headoffice_careers@next.co.uk (include “Workplace Adjustments” in the subject line) or call 0116 284 2486.