Life on the team
The Vulnerability Governance Analyst role will manage processes to detect, prevent and correct vulnerabilities to devices in a customers environment. The SC-cleared analyst will aim to mitigate business risks arising from both regulatory & security noncompliance.
What youll do
Integrate with customer and third-party security operations centre reporting as well as integration with security incident procedures
Build, manage and update Vulnerability Lifecycle Management Product Lists (VLMPLs) for all supported customers
Responding to and helping to co-ordinate the response to Major Vulnerability incidents
Sending out notifications and communications related to security vulnerabilities that affect multiple technologies
Creation and ownership of vulnerability incidents providing a Start to Finish level of incident management
Proactive identification of vulnerabilities
Provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions
Establishing good practice vulnerability treatment throughout the customer estate, this includes implementing policy, hardening, patching and fixes of all supported technology
Working closely with technical and non-technical teams to coordinate changes and any emergency patching work that is required
Proactively identify vulnerabilities and provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions
Evaluate vulnerabilities across multiple technologies that correlate with the VLMPLs
Occasional site visits to meet stakeholders and to improve customer relationships
Provide professional, business friendly communications, translating complex matters for various audiences
Research the latest information technology security bulletins for Microsoft products and 3rd party applications
Provide a repeatable process for assessing vulnerabilities detected through multiple sources within a business context, determining recommendations for how the vulnerabilities should be treated and reporting these to business stakeholders.
Creation of Security improvements which would be managed via SIP plans to ensure security threats and vulnerabilities are appropriately identified and managed
Perform validation and closure activities on completion of corrective mitigation actions
Pro-actively logging incidents and changes to carry out remediation work and repeated security changes
What youll need
It is essential for a Vulnerability Governance analyst to have valid and existing SC clearance
Knowledge/Understanding of operating systems and software security vulnerabilities
Pro-active in finding solutions to problems and security improvements across customers environments
Confident in co-ordinating mitigation actions across multiple resolver teams as well as presenting reports to business stakeholders such as Delivery Leadership
Ability to work effectively as part of a team
Knowledge/Understanding of vulnerability management tools such as Tenable, Qualys VMDR or Microsoft Defender
Experience of Defender for Endpoint
Awareness of: S ecurity best practice (ITIL, COMPTIA)
IT security and software vulnerabilities
Experience in performing data analysis
Experience in using PowerBI
TPBN1_UKTJ