Overview
We're seeking a Vulnerability Manager to join our expanding global security team‑an expert group dedicated to protecting our platforms, services, and operational environments from an ever‑evolving threat landscape.
Responsibilities
* Own and operate the vulnerability management process for Computacenter.
* Execute the roadmap for vulnerability management processes and technologies.
* Operate day‑to‑day vulnerability identification, assessment, and alerting tooling.
* Identify, evaluate and prioritise vulnerability remediation activities across the Computacenter group.
* Provide expert security guidance to resolver teams in the remediation of technical vulnerabilities and weaknesses.
* Support the vulnerability analysts.
* Ensure cooperation amongst all centralised and regional resolver teams across the group.
* Keep current on the latest cyber‑security threats, new vulnerabilities and the Tactics, Techniques, and Procedures (TTPs) used by threat actors.
* Analyse vulnerability intelligence feeds to inform prioritisation of remediation.
* Act as a technical vulnerability SME and support the group’s response to new major vulnerabilities affecting Computacenter.
* Support vulnerability investigation and analysis on cyber‑security incidents for the Computacenter Cyber Security Incident Response Team (CSIRT).
* Measure the effectiveness of the vulnerability management process through monitoring and compliance with policy and standards (patch, configuration, etc.).
* Identify opportunities for continual improvement of the programme.
* Prepare accurate and actionable reporting metrics for senior management and stakeholders.
* Deliver vulnerability exposure reviews to technical resolver groups across the business.
* Support the cyber‑risk management function by verifying that vulnerability controls are delivered for assets and information systems and by identifying gaps and exposure risks.
* Support penetration testers by providing accurate vulnerability analysis pre‑ and post‑assessment.
* Support the CTO with technical validation of security controls.
* Ensure vulnerability control requirements are delivered for assets and digital services.
Qualifications
* Demonstrable experience in information and cyber security, especially vulnerability management.
* Experience in vulnerability analysis and assessment, including risk‑based vulnerability management.
* Experience operating specialist security tooling for vulnerability identification and analysis (e.g., Tenable, Qualys, OWASP ZAP, MDE, TVM).
* Experience preparing threat and vulnerability briefings for management and technical resolvers.
* Practical experience supporting IT operations, including asset, configuration and patch management.
* Understanding of technical IT security best practices, including endpoint, network and cloud security and related key vulnerabilities.
* Understanding of common IT enterprise technologies – Windows, Linux, cloud and networking platforms – and a desire to deliver success with new technologies.
* Familiarity with information security standards and frameworks such as CIS, NIST, ISO 27001, Cyber Essentials (Plus), PCI DSS and GDPR.
* Knowledge of the MITRE ATT&CK framework.
* Knowledge of cyber threats, advanced persistent threats (APT) and associated TTPs.
* Experience with incident‑response and handling methodologies.
* Experience with risk‑management processes (assessment and mitigation).
* Recognised information‑security and/or information‑technology industry certification (CISM, CISSP, ISO 27001 lead implementer, Nessus/Qualys or equivalent/superior).
Equal Opportunity Employer
We are an equal‑opportunity employer. Your application will be considered on its merits, regardless of age, disability, ethnicity, gender identity or any other characteristic protected by law.
We are proud to be a Disability Confident Employer and welcome applications in alternative formats. We guarantee to interview applicants who have a disability.
#J-18808-Ljbffr