Vulnerability Manager in Hatfield

We're seeking a Vulnerability Manager to join our expanding global security team - an expert group dedicated to protecting our platforms, services, and operational environments from an ever-evolving threat landscape.

Responsibilities

• Own and operate the vulnerability management process for Computacenter.
• Execute the roadmap for vulnerability management processes and technologies.
• Operate day-to-day vulnerability identification, assessment, and alerting tooling.
• Identify, evaluate and prioritise vulnerability remediation activities across the Computacenter group.
• Provide expert security guidance to resolver teams in the remediation of technical vulnerabilities and weaknesses.
• Support the vulnerability analysts.
• Ensure cooperation amongst all centralised and regional resolver teams across the group.
• Keep current on the latest cyber-security threats, new vulnerabilities and the Tactics, Techniques, and Procedures (TTPs) used by threat actors.
• Analyse vulnerability intelligence feeds to inform prioritisation of remediation.
• Act as a technical vulnerability SME and support the group’s response to new major vulnerabilities affecting Computacenter.
• Support vulnerability investigation and analysis on cyber-security incidents for the Computacenter Cyber Security Incident Response Team (CSIRT).
• Measure the effectiveness of the vulnerability management process through monitoring and compliance with policy and standards (patch, configuration, etc.).
• Identify opportunities for continual improvement of the programme.
• Prepare accurate and actionable reporting metrics for senior management and stakeholders.
• Deliver vulnerability exposure reviews to technical resolver groups across the business.
• Support the cyber-risk management function by verifying that vulnerability controls are delivered for assets and information systems and by identifying gaps and exposure risks.
• Support penetration testers by providing accurate vulnerability analysis pre- and post-assessment.
• Support the CTO with technical validation of security controls.
• Ensure vulnerability control requirements are delivered for assets and digital services.

Qualifications

• Demonstrable experience in information and cyber security, especially vulnerability management.
• Experience in vulnerability analysis and assessment, including risk-based vulnerability management.
• Experience operating specialist security tooling for vulnerability identification and analysis (e.g., Tenable, Qualys, OWASP ZAP, MDE, TVM).
• Experience preparing threat and vulnerability briefings for management and technical resolvers.
• Practical experience supporting IT operations, including asset, configuration and patch management.
• Understanding of technical IT security best practices, including endpoint, network and cloud security and related key vulnerabilities.
• Understanding of common IT enterprise technologies – Windows, Linux, cloud and networking platforms – and a desire to deliver success with new technologies.
• Familiarity with information security standards and frameworks such as CIS, NIST, ISO 27001, Cyber Essentials (Plus), PCI DSS and GDPR.
• Knowledge of the MITRE ATT&CK framework.
• Knowledge of cyber threats, advanced persistent threats (APT) and associated TTPs.
• Experience with incident-response and handling methodologies.
• Experience with risk-management processes (assessment and mitigation).
• Recognised information-security and/or information-technology industry certification (CISM, CISSP, ISO 27001 lead implementer, Nessus/Qualys or equivalent/superior).

Equal Opportunity Employer

We are an equal-opportunity employer. Your application will be considered on its merits, regardless of age, disability, ethnicity, gender identity or any other characteristic protected by law. We are proud to be a Disability Confident Employer and welcome applications in alternative formats. We guarantee to interview applicants who have a disability.