Vulnerability Analyst – Security Vendor

Role overview:

Working for an IAM security vendor, you’ll be responsible for supporting the SOC Manager and overseeing the company’s Security Operations activity, including vulnerability management activities

Main tasks and responsibilities:

• Help to define and shape the company’s technical assurance capabilities through penetration testing/vulnerability management and DevSecOps
• Work closely with Dev/Ops teams across the company to identify and correct security vulnerabilities based on risk to the business
• Operate vulnerability management tooling in conjunction with the company’s service provider
• Work with external parties with development of external and internal vulnerability testing capabilities
• Working alongside security engineers, support external penetration testing prioritising findings based on risk
• Follow up on reports and ensuring recommendations for threat remediation are followed
• Providing advice to IT teams across the business on patching recommendations in relation to identified threats
• Stay informed of new vulnerabilities that could impact the business
• Create reports and analysis for technical teams and senior management
• Review and analyse vulnerability data to identify trends and patterns, and link asset and vulnerability data
• Monitoring and respond to vendor and security research notifications of vulnerabilities and assessing the exposure of the business.
• Work with other security teams such as SOC to identify risks & recurring patterns and propose actions to reduce risk

Skills:

• Should have excellent understanding of Information Security best practice and regulatory requirements and should have recent experience in a Threat and Vulnerability related role
• Must be familiar with security vulnerabilities e.g. cloud/on-prem/endpoint
• Familiar with infrastructure and web application scanning tools e.g. Qualys
• Have a sound understanding of network/infrastructure and web/mobile application weakness (CWE, OWASP)
• Strong foundation in network security and common attack methodologies
• Good all-round understanding of Technical Infrastructure, Cloud and Network Technology developed via hands-on experience
• Knowledge of secure by design principles
• Understanding of industry standards ISO2701. PCI-DSS etc
• Ability to support security incidents and investigations

Pre-requisites:

• Excellent analytical skills with the ability to see the bigger picture
• Excellent communication skills with the ability to influence multiple stakeholders
• Willingness to learn and adapt to new technologies coupled with a passion for cyber security
• Good team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles
• Willing to work flexible hours to communicate with teams globally

Further info:

• Competitive salary & flex bens
• Flexible locations / remote

To apply:

Please either register your CV and complete the information fields requested or send your CV to vacancies@trilatycyber.com referencing WDA153 and your current salary