Vulnerability Management Specialist Cloud in Reading

The Vulnerability Specialist is responsible for working with all the stakeholders within Security and throughout the business for developing and enforcing the strategy and vision for end-to-end vulnerability management along with the execution on reducing the biggest risk on Cloud. The role is accountable for the key vulnerability managed areas, including but not limited to, vulnerability assessment, vulnerability hunting, vulnerability research and vulnerability risk management. You must manage the partnerships with key stakeholders providing efficient and consistent vulnerability management services that allows the business to grow. This role must understand the gaps that exist in process, tooling and results and then drive to continually close these gaps.

1. Support Daily Operations

• Conduct vulnerability scans, analyse reports, and triage vulnerabilities.
• Proficient with Cloud vulnerabilities management AWS, GCP.
• Rapid7 CloudSec, Cloud Vulnerability Management AWS & Google (GCP).
• Automate repetitive tasks using scripting or tools to enhance efficiency.

2. Contribute to Process Design

• Collaborate in designing and implementing scalable vulnerability management processes.
• Provide technical insights to ensure processes are aligned with organisational needs.

3. Collaborate with Stakeholders

• Support partnerships with internal teams and external vendors to improve vulnerability remediation.
• Foster cross-functional collaboration to address vulnerabilities effectively.

4. Metrics and Reporting

• Provide inputs to define actionable metrics for executive-level briefings.
• Track and report on vulnerability trends and operational performance.
• Use predictive analytics to identify and forecast trends in vulnerabilities.

5. Mentorship and Team Development

• Share technical expertise with junior team members to foster growth.
• Develop micro-learning modules or hands-on labs for continuous team skill enhancement.

6. Policy Review and Compliance

• Assist in the annual review of policies, standards, and processes to ensure compliance with ISO27001.
• Provide technical inputs for identifying gaps and developing improvement roadmaps.

7. Process and Standards Improvement

• Ensure adherence to quality standards and identify areas for improvement.
• Consolidate overlapping responsibilities to streamline processes.

8. Support Security Teams

• Assist other Group Security teams by providing vulnerability-specific intelligence.
• Contribute to building a shared knowledge repository for all teams.

9. Incident Support

• Assist in analysing and resolving security incidents, focusing on vulnerability-related aspects.
• Use post-incident reviews to pre-empt vulnerabilities and improve resilience.

Technical Expertise:

• Strong understanding of vulnerability management processes, tools, and frameworks (e.g., Rapid7, Nessus, Qualys, OpenVAS).
• Knowledge in scripting languages (e.g., Python, PowerShell) for automation.
• Knowledge of security standards and frameworks (e.g., ISO 27001, NIST, CIS Controls).

Analytical Skills:

• Ability to conduct risk assessments and prioritise vulnerabilities based on business impact.
• Experience in creating and interpreting metrics and reports for stakeholders.

Communication and Collaboration:

• Excellent written and verbal communication skills for reporting and stakeholder engagement.
• Ability to collaborate with cross-functional teams, including SOC, IT, and external vendors.

Problem-Solving:

• Experience in incident response and remediation strategies for vulnerabilities.
• Creative thinking for implementing counterintuitive solutions (e.g., gamification, predictive analytics).

Leadership and Mentorship:

• Proven ability to mentor junior team members and contribute to team skill development.
• Experience in fostering a culture of knowledge sharing and continuous improvement.