Vulnerability Governance Analyst

Location: UK - Nottingham, UK - Hatfield, UK - Milton Keynes | Job-ID: 214080 | Contract type: Standard | Business Unit: Cyber Security

Life on the team

The Vulnerability Governance Analyst role will manage processes to detect, prevent, and correct vulnerabilities in customer environments. The SC-cleared analyst will aim to mitigate business risks arising from regulatory and security non-compliance.

What you’ll do

• Integrate with customer and third-party security operations centre reporting, as well as security incident procedures
• Build, manage, and update Vulnerability Lifecycle Management Product Lists (VLMPLs) for all supported customers
• Respond to and coordinate responses to Major Vulnerability incidents
• Send notifications and communications related to security vulnerabilities affecting multiple technologies
• Create and own vulnerability incidents, providing end-to-end incident management
• Proactively identify vulnerabilities
• Provide information on potential impacts and mitigation actions for new threats or vulnerabilities from vendors, threat intelligence, and subscriptions
• Establish good practice vulnerability treatment throughout the customer estate, including policy implementation, hardening, patching, and fixes
• Work closely with technical and non-technical teams to coordinate changes and emergency patching
• Evaluate vulnerabilities across multiple technologies in relation to VLMPLs
• Occasional site visits to meet stakeholders and improve customer relationships
• Communicate professionally and clearly, translating complex matters for various audiences
• Research the latest security bulletins for Microsoft products and third-party applications
• Develop a repeatable process for assessing detected vulnerabilities, recommending treatment, and reporting to stakeholders
• Create security improvement plans to ensure vulnerabilities are identified and managed effectively
• Perform validation and closure activities after mitigation actions
• Log incidents and changes to support remediation and security improvements

What you’ll need

• Valid and existing SC clearance
• Knowledge of operating systems and software security vulnerabilities
• Proactive problem-solving skills and security improvement initiatives
• Ability to coordinate mitigation across resolver teams and present reports to stakeholders like Delivery Leadership
• Effective team collaboration skills
• Experience with vulnerability management tools such as Tenable, Qualys VMDR, or Microsoft Defender
• Experience with Defender for Endpoint
• Understanding of security best practices (ITIL, COMPTIA)
• Knowledge of IT security and vulnerabilities
• Data analysis experience
• Experience using PowerBI

About us

With over 20,000 employees worldwide, we are at the forefront of digitisation, advising on IT strategy, implementing technology, and helping clients manage their infrastructure across over 70 countries. We enable digital transformation and empower organizations and individuals through technology.