Corporate - Wtw
Reigate, Surrey
Senior Vulnerability Analyst - FTC
Overview
Job Description
Summary of Role
12-month fixed-term contract, with possibility to extend further. The Senior Vulnerability Analyst will be responsible for operating the vulnerability scanning toolset, reviewing the output and applying detailed analysis to provide a reduction of risk to the business and compliance with regulatory and customer obligations. Analysis will include identifying trends & patterns, advising on remediation approaches to provide appropriate, timely remediation, and tracking remediation progress. The role will work as part of a team who are focused on reducing the risk posed by vulnerabilities across the business. They will also work with people across the business who are responsible for remediating the identified vulnerabilities. We are looking for a collaborative team player with deep technical knowledge in this area. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
The Role
* Plan and execute vulnerability scans of networks and systems
* Review and analyse vulnerability data to identify trends and patterns, and link asset and vulnerability data
* Advise those responsible for remediation to enable the quickest reduction of risk
* Perform compensating controls analysis and validate efficacy of existing controls
* Operate processes and procedures to uphold and ensure compliance with applicable policies & standards
* Ensure vulnerability management operations meet regulatory, customer, and audit obligations
* Operate the Vulnerability Management process including applicable change control and security exceptions
* Produce, review and distribute consumable, relevant and actionable reporting
* Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
* Work with other security teams such as Global SOC and Threat Intelligence to identify elevated risks & recurring patterns and propose strategic actions to reduce risk
* Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that vulnerabilities are understood and appropriately addressed
The Requirements
* Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
* An ability to effectively influence others to modify their opinions, plans, or behaviors
* An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
* An understanding of organisational mission, values, and goals and consistent application of this knowledge
* Deep technical expertise in frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP
* Skilled in relevant technical solutions such as vulnerability management tooling
* Experienced with vulnerability remediation tools & techniques and system security (operating systems, applications), networking, and web applications

Desirable
* Relevant vendor certifications
* (ISC)2 CISSP
* ISACA CISA

Equal Opportunity Employer