About the Role:
Trident Search are on the hunt for a Vulnerability Manager to join our clients Cyber Threat Intelligence function. Our client has offices all over the UK and their HQ based in Hertfordshire, they offer a degree of remote working.
As a Vulnerability Manager you will be responsible for the day-to-day delivery of the vulnerability management function, including its technology and processes. The role will be responsible for the identification, prioritisation and reporting of technical vulnerabilities, as well as providing expert support to operational delivery teams on the remediation of vulnerabilities.
What you’ll be doing
- Be responsible for operating the vulnerability management process.
- Be responsible for the day-to-day operation of vulnerability identification, assessment and alerting tooling.
- Identify, evaluate and prioritise vulnerability remediation activities across the business.
- Provide expert security guidance to support resolver teams in the remediation of technical vulnerabilities and weaknesses.
- Operate the vulnerability management process to ensure cooperation amongst all centralised and regional resolver teams.
- Analyse vulnerability intelligence feeds to inform and prioritise vulnerability remediation
- Operate as a technical vulnerability SME and support on the Group’s response to new major vulnerabilities affecting the business.
- Support in vulnerability investigation and analysis on cyber security incidents to support the Cyber Security Incident Response Team (CSIRT).
- Proactively measure the effectiveness of the vulnerability management process through monitoring and conformance to policy and standards (patch, configuration etc).
- Prepare regular, accurate and actionable reporting metrics to senior management and organisational stakeholders.
- Deliver vulnerability exposure reviews to technical resolver groups for their business areas across the group
- Support the cyber risk management function by verifying that vulnerability controls are delivered for assets and information systems, identifying where controls are not being met and the cyber exposure that results in.
- Support penetration testers in their delivery by providing accurate vulnerability analysis pre- and post-assessment.
- Support the CSG by ensuring vulnerability control requirements are delivered for assets and digital services.
What you’ll bring
- Experienced in vulnerability analysis and assessment, including the operation of risk-based vulnerability management.
- Experienced in the day-to-day operation of specialist security tooling for vulnerability identification and analysis (e.g., Tenable/Qualys/OWASP ZAP/MDE TVM etc.).
- Experienced in preparing threat and vulnerability briefings for management and technical resolvers.
- Practical experience in supporting IT operations including asset, configuration and patch management.
- Understanding of technical IT security best practices including endpoint security, network security, cloud security and the key vulnerabilities and threats affect them.
- Understanding of common IT enterprise technologies - Windows, Linux, cloud, networking platforms etc. and a desire to deliver success with new and evolving technologies.