Threat and Vulnerability lead

Threat and Vulnerability Lead | Contract | London | 6 months

The Team and company

My client is a global consumer company going through a huge transformation. This role will be part of their Digital Infrastructure and Operations team. DI&O will play a big part of this journey by protecting, operating, improving and automating this platform.

DI&O will span a number of key areas including Cybersecurity, Site Reliability Engineering, Core Technology, Service Operations and Feature Activation and Enablement – it’s a core part of our business and one of the most exciting places to be.

Main responsibilities;

· Work with other Digital Security SME’s to build a view of all assets to be included within the scope of the Digital Threat & Vulnerability Management scope

· Develop a process to identify brand and technology threat as relevant to the Digital business and landscape

· Incorporate Threat metrics into the vulnerability management lifecycle to better understand the criticality and priority of vulnerability remediation

· Manage vulnerability management program, scanning functions, code review, firewall review ensuring regular scanning and review of assets and applications to identify network, infrastructure, and configuration vulnerabilities;

· Engage with Security Product Leads and Leadership within to continuously enhance and communicate the importance of vulnerability remediation from a technical perspective;

· Using the existing toolset, ensure that all vulnerabilities are tracked and have an appropriate system owner.

· Ensure new/all vulnerabilities are communicated in a standard, efficient and timely manner.

· Build and operate a process to contain or remediate zero-day vulnerabilities in order to protect the Digital infrastructure

· Develop an emergency process to engage appropriate leadership in the event of an emergency remediation activity in order to expedite fix or containment

· Build a dashboard that is accessible by various technical and non-technical stakeholders and that is continuously updated with the running status of vulnerabilities with the Digital infrastructures

· Using the existing toolset, design and deploy the relevant vulnerability management infrastructure to support both internal, external, XaaS and partner vulnerability scanning capabilities

· Support new project, programs or initiatives with vulnerabilities scanning of new or existing assets as required

· Review and risk assess the criticality and priority of all vulnerability scans (along with existing toolset for prioritization)

Requirements;

· Minimum of 2 years working on large scale threat & vulnerability management

· Good knowledge and experience with XaaS solutions such as AWS, Salesforce, Adobe, etc

· Good knowledge of working with vulnerability management tools such as Qualys, Nessus, Kenna, Fortify, etc

· Good technical knowledge of Linux (RHEL, Debian, OpenSUSE, Ubuntu) Windows Server/Desktop, OSX, etc

· Good knowledge of development languages (Java, Python, JavaScript, NodeJS, Ruby) a plus

· Technical knowledge and experience of IT architecture and infrastructure

· Good understanding of information security standards

· Broad knowledge of good security practice ensuring all aspects of Confidentiality, Integrity and Availability are adhered to;

o Excellence at stakeholder engagement and build strong partnerships across the technology and business team

o Knowledge on security best practices and frameworks (ISOIEC 27001, NIST, COBIT, ISF, ITIL, SABSA, OWASP)

· Open for travel occasionally

Threat and Vulnerability Lead | Contract | London | 6 months

This job ad was posted by Salt. To find out more about Salt’s Privacy Policy and how your application is processed, please visit our website https://welovesalt.com/privacy-policy/.