Vulnerability Analyst, Flexible location - UK
The Technical Security team are accountable for GBG’s Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management Activities.
You'll be responsible for supporting the SOC Manager and overseeing GBG Security Operations activity, including vulnerability management activities.
- Help to define and shape GBG’s technical assurance capabilities through penetration testing/vulnerability management and DevSecOps
- Work closely with Dev/Ops teams across GBG to identify and correct security vulnerabilities based on risk to the business
- Operate vulnerability management tooling in conjunction with GBG’s service provider
- Work with external parties on the development of external and internal vulnerability testing capabilities
- Working alongside security engineers, support external penetration testing, prioritising findings based on risk
- Follow up on reports and ensure recommendations for threat remediation are followed
- Provide advice to IT teams across the business on patching recommendations in relation to identified threats
- Stay informed of new vulnerabilities that could impact the business
- Create reports and analysis for technical teams and senior management
- Review and analyse vulnerability data to identify trends and patterns, and link asset and vulnerability data
- Monitor and respond to vendor and security research notifications of vulnerabilities and assess the exposure of the business
- Work with other security teams such as SOC to identify risks & recurring patterns and propose actions to reduce risk
- Should have excellent understanding of Information Security best practice and regulatory requirements and should have recent experience in a Threat and Vulnerability related role
- Must be familiar with security vulnerabilities e.g. cloud/on-prem/endpoint
- Familiar with infrastructure and web application scanning tools e.g. Qualys
- Have a sound understanding of network/infrastructure and web/mobile application weaknesses (CWE, OWASP)
- Strong foundation in network security and common attack methodologies
- Good all-round understanding of Technical Infrastructure, Cloud and Network Technology developed via hands-on experience
- Knowledge of secure by design principles
- At least one professional security certification e.g. CISSP, CEH, GCIH, GCFA or working towards
- Understanding of industry standards, e.g. ISO 27001, PCI-DSS etc.
- Ability to support security incidents and investigations
- Excellent analytical skills with the ability to see the bigger picture
- Excellent communication skills with the ability to influence multiple stakeholders
- Willingness to learn and adapt to new technologies coupled with a passion for cyber security
- Good team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles
Willing to work flexible hours to communicate with teams globally
What’s in it for you?
We have a vision to have the best and most engaged team members in the industry. People matter at GBG, they make us who we are. Every team member across all our locations makes a difference and everyone has something to contribute.
If you’re interested, please apply or if you’d like to hear more about the role and benefits then contact email@example.com. We’re looking to hire the best and most engaged people into our business and we’ll make an offer once we’ve found that person.