Vulnerability Manager
Location: UK - London, UK - Hatfield, UK - Milton Keynes, UK - Nottingham, UK - Reading | Job-ID: 216935 | Contract type: Standard | Business Unit: Cyber Security
Working as a Vulnerability Manager you will be responsible for the day-to-day delivery of the vulnerability management function, including its technology and processes. This role will be responsible for the identification, prioritisation and reporting of technical vulnerabilities, as well as providing expert support to operational delivery teams on the remediation of vulnerabilities. (100%)
Responsibilities
* Be responsible for owning and operating the vulnerability management process for Computacenter.
* Execute the roadmap for vulnerability management processes and technologies.
* Be responsible for the day-to-day operation of vulnerability identification, assessment and alerting tooling.
* Identify, evaluate and prioritise vulnerability remediation activities across the Computacenter group.
* Provide expert security guidance to support resolver teams in the remediation of technical vulnerabilities and weaknesses.
* Provide experienced support to the vulnerability analysts.
* Operate the vulnerability management process across the Computacenter group to ensure cooperation amongst all centralised and regional resolver teams.
* Remain current on the latest cyber security threats, new vulnerabilities and the Tactics, Techniques, and Procedures (TTPs) used by threat actors exploiting them.
* Analyse vulnerability intelligence feeds to inform and prioritise vulnerability remediation.
* Operate as a technical vulnerability SME and support on the Group’s response to new major vulnerabilities affecting Computacenter.
* Support in vulnerability investigation and analysis on cyber security incidents to support the Computacenter Cyber Security Incident Response Team (CSIRT).
* Proactively measure the effectiveness of the vulnerability management process through monitoring and conformance to policy and standards (patch, configuration etc).
* Identify opportunities for the continual improvement of the vulnerability management programme.
* Prepare regular, accurate and actionable reporting metrics to senior management and organisational stakeholders.
* Deliver vulnerability exposure reviews to technical resolver groups for their business areas across the group.
* Support the cyber risk management function by verifying that vulnerability controls are delivered for assets and information systems, identifying where controls are not being met and the resulting cyber exposure for Computacenter.
* Support penetration testers in their delivery by providing accurate vulnerability analysis pre- and post-assessment.
* Support CTO with the technical validation of security controls.
* Support our internal organisation by ensuring vulnerability control requirements are delivered for assets and digital services.
Qualifications
* Demonstrable experience in Information and Cyber Security; especially vulnerability management.
* Experienced in vulnerability analysis and assessment, including the operation of risk-based vulnerability management.
* Experienced in the day-to-day operation of specialist security tooling for vulnerability identification and analysis (e.g., Tenable/Qualys/OWASP ZAP/MDE TVM etc.).
* Experienced in preparing threat and vulnerability briefings for management and technical resolvers.
* Practical experience in supporting IT operations including asset, configuration and patch management.
* Understanding of technical IT security best practices including endpoint security, network security, cloud security and the key vulnerabilities and threats that affect them.
* Understanding of common IT enterprise technologies (Windows, Linux, cloud, networking platforms etc.) and a desire to deliver success with new and evolving technologies.
* Information security standards and frameworks including CIS, NIST, ISO 27001, Cyber Essentials (Plus), PCI DSS & GDPR.
* The MITRE ATT&CK Framework.
* Cyber threats and vulnerabilities.
* Advanced Persistent Threats (APT) and their associated Tactics, Techniques, and Procedures (TTP).
* Incident response and handling methodologies.
* Risk management processes (e.g., methods for assessing and mitigating risk).
* Recognised information security and/or information technology industry certification (CISM, CISSP, ISO 27001 Lead Implementer, Nessus/Qualys or equivalent/superior).
As an equal opportunities employer, we’re committed to ensuring fair and equal access to opportunities for all. Your application will be considered on its merits, regardless of your age, disability, ethnicity, gender identity, or any other characteristics protected by law. What matters most to us is that you share our vision and values, and bring the experience and skills we’re looking for.
We are proud to be a Disability Confident Employer. We welcome applications from disabled people and accept applications in alternative formats. We also guarantee to interview applicants who have a disability.