Senior Vulnerability Management Engineer
Join to apply for the Senior Vulnerability Management Engineer role at Next
About the Role
Working in the Information Security team you will focus on Vulnerability and Threat Management across the Next technology estate, with a particular focus on our Warehouse environment and the technology utilised within it to help maintain an awareness of new and emerging security threats and trends.
You will be responsible for identifying, assessing, validating and communicating new vulnerabilities across the other technical teams, ensuring the vulnerability management process is followed. Where required you will work with other IT teams to provide guidance and recommend mitigation strategies for vulnerabilities.
As a Senior Vulnerability Management Engineer a knowledge of the MITRE Attack Framework would be advantageous. You will help manage and configure our vulnerability scanning and reporting tools as well as helping administer Next’s Bug Bounty programme.
You will create reporting to summarise findings and recommendations for a variety of audiences. You will take a lead in reviewing incoming threat intelligence to assess its relevance and severity in context to our business, and provide reports on threats of interest to senior stakeholders. You will work with the relevant teams to proactively assess, test and mitigate any risk.
You will maintain awareness of the changing threat landscape and industry standards. Proactively work with Incident Response and Engineering to identify tactics and techniques used by threat actors and opportunities to improve the security of our environment. Propose and support implementing suitable countermeasures for threats identified through intelligence, testing and objective validation.
You will mentor more inexperienced members of the team and take a lead role in coordinating and overseeing efforts to mitigate significant threats or vulnerabilities identified by the team. The role involves participating in a shift rota. A monthly visit to the Enderby Head Office in Leicester is required, with additional visits scheduled as needed by the business or management.
Key Responsibilities
* Manage and maintain Vulnerability scanning and risk reporting tools.
* Take a lead role in planning in the estimation, scoping and delivery of key projects, ensuring progress is clearly communicated.
* Identify, triage, risk assess and log vulnerabilities and assign remediation tasks to appropriate teams.
* Identify, execute and support requirements as part of RvB exercises.
* Support remediation teams with remediation strategies.
* Assist Incident Response team with the investigation and resolution of Security Incidents when required.
* Create and maintain operation procedures, configuration and technical documentation to a high standard.
* Manage and maintain metrics and reporting to demonstrate the effectiveness of the vulnerability management programme.
* Subject matter expert for the Vulnerability Management team and help coordinate efforts during emergency remediation/mitigation.
* Maintain awareness of new and emerging security threats and trends; test or validate threat intelligence findings against our people, processes and technologies; review threat intelligence and advise on mitigation strategies where appropriate.
* Mentor for more inexperienced members of the Vulnerability Management team.
About you
* Experience managing and maintaining a Vulnerability Management tool.
* In-depth understanding of Information Security including malware, emerging threats, attacks and vulnerability management.
* Proven IT experience with excellent understanding of network protocols and server infrastructure including network segmentation.
* Windows Server and/or Linux experience.
* Ability to lead in coordinating timely diagnosis and resolution of major issues.
* Adheres to and promotes high standards; understand and operate change management; team player, hardworking and self-motivated.
* Inquisitive and proactive approach to identifying security gaps; ability to plan and prioritise workloads and report on progress.
* Ability to remain calm under pressure and clearly communicate to all levels of management; excellent attention to detail.
* Understanding of vulnerability and threat assessment frameworks, such as CVSS, CVE, CWE, OWASP, MITRE.
* Operational Technology (OT) management experience in vulnerability scanning; CTI (Cyber Threat Intelligence) knowledge.
Desirable
* Experience with security or compliance standards such as PCI-DSS or ISO27001.
* Understanding and experience of working for a Retail company.
* Foundational understanding of Cloud-based infrastructure.
* Relevant industry recognised security qualification.
* Understanding of DevOps architecture and code scanning.
* Offensive Security experience; experience of SCADA systems, PLCs and warehouse control equipment.
* Experience of managing a Threat Intelligence Platform (TIP) and custom AI usage.
About Us
You know Next, but did you know we’re a FTSE-100 retail company employing over 35,000 people across the UK and Ireland. We’re the UK’s 2nd largest fashion retailer and for Kidswear we’re the market leader. At the last count we have over 500 stores, plus Next Online, and it’s now possible to buy online from over 70 countries around the world.
Benefits
* 25% off most NEXT, MADE*, Lipsy*, Gap* and Victoria's Secret* products.
* Company performance based bonus; Sharesave scheme; on-site Nursery available; OFSTED outstanding in all areas.
* Discounts at partner brands, Branded Beauty, staff facilities, digital health services, on-site parking.
* Apprenticeship opportunities; Direct to Work discounts; staff networks; Wellhub fitness memberships and more.
Conditions apply to all benefits. These benefits are discretionary and subject to change.
We aim to support all candidates during the application process and are happy to provide workplace adjustments when necessary. Should you need support with your application due to a disability or long-term condition, contact helpline or email for workplace adjustments.
Seniority level
* Mid-Senior level
Employment type
* Full-time
Job function
* Engineering and Information Technology
Industries
* Retail
#J-18808-Ljbffr