Cyber Vulnerability Analyst

Purpose of Role:
The Cyber Defence Vulnerability Analyst role has been created as part of re-energising our CISO function. Our CISO function comprises of Cyber Defence Centre, Business Resilience, Governance, Risk & Compliance, Privacy & Information Management, Strategy & Operating Office and Security Innovation & Enablement.
The Vulnerability Analyst is a key member of the Cyber Defence 'Assure' function and reports to the Vulnerability & Testing Manager.

The purpose of this role is to perform identification, contextualisation, and analysis of posture weaknesses across the companies technology estate. The role will be responsible for ensuring service owners are aware of weaknesses in their security posture and are empowered with the right information to take appropriate actions.

This role is suited to an analyst with a strong stakeholder management & risk background, who understands how to effectively influence a wide range of stakeholders (E.g. Product Owners, Engineers, 3^rd parties etc.); and effectively communicate and prioritise risks across a wide group technology estate.

• Responsible for managing aspects of the vulnerability & CSPM lifecycle excluding patch management.
• Responsible for identifying, alongside your peers, vulnerability & CSPM improvement opportunities.
• Responsible for improving and maintaining documentation that defines the vulnerability and posture weakness identification, contextualisation, prioritisation, and tracking framework.
• Responsible for relationship management with key technology stakeholders to ensure vulnerability (including cloud configuration weakness) priorities are understood and tracked appropriately.
• Responsible for collaborating with the wider Cyber Defence and CISO teams to ensure appropriate mitigation actions are considered within our security capabilities
  

• Strong experience being part of a security team or function where you have demonstrated strong stakeholder management skills across stakeholders with differing levels of technical security competency.
• Understanding of core vulnerability and cloud security posture management concepts.
• Pragmatism is a must for this role. Understanding risk, resource availability and business objectives at a group level is key.
• Experience applying contextualisation to identified posture weaknesses, both from a threat intelligence and internal technology architecture perspective.
• Understanding of how automation must play a role in all stages of vulnerability identification and prioritisation.

• Experience with vulnerability and cloud security posture management tools across multi-cloud estates.
• Best practice understanding of Azure, AWS & GCP environments setup.
• Understanding of wider Cyber Defence areas, such as threat intelligence, operations and engineering and how these areas influence posture improvements opportunities.
• Experience working in environments undergoing change programs.

• Undergraduate degree (preferably 2:1 or higher) in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math) is strongly preferred and a Master's degree in relevant field is desired.
• Cloud Security Administrator or Auditor certifications (or equivalent based on cloud platform) are desirable for this role.