IT Vulnerability Manager
  • United Kingdom Stevenage
  • ClickJobs.io
31.12.2023
Protect and Defend
Vulnerability Assessment and Management
Job Description

Job Title: IT Vulnerability Manager
Location: Hertfordshire
Excellent salary + company benefits

Overview: We have a great opportunity for a dedicated IT Vulnerability Manager to join a well-established company, where you will be working within a team of friendly professionals. The Vulnerability Manager provides security profiling, analysis and reporting, and implements and tracks remediation activities for the assigned environments, ensuring that the activities needed to maintain accreditation are undertaken as appropriate.

Key Responsibilities:
  • Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g. local computing environment and supporting infrastructure).
  • Maintain knowledge of applicable policies, regulations, and compliance documents, specifically those related to ensuring compliance with the contracted accreditation/classification.
  • Support the selection/implementation of security controls to mitigate risk (e.g., protection of information, systems, and processes).
  • Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain the desired risk profile, and communicate those strategies to key stakeholders.
  • Work with stakeholders / suppliers / delivery teams to ensure compliance with Cyber Essentials / Cyber Essentials Plus.
  • Report and track remediation / patching activities affecting all devices and applications within the assigned environment.
  • Interface with suppliers and vendors to ensure appropriate activities/assessments are undertaken.
  • Manage the security vulnerabilities and risks across the assigned environments, including identifying risks and supporting application/system owners to manage risks and remediate vulnerabilities.

Key Skills/Experience:
  • Solid understanding of information security policies, standards and industry best practices.
  • Experience in performing risk assessments on different applications and technologies.
  • Familiarity with vulnerability management tools.
  • Ability to build strong relationships with customers and senior stakeholders.
  • Experience with system hardening and secure configuration frameworks.
  • Working knowledge of ITIL change management / patch management.

DUE TO THE NATURE OF THIS VACANCY ENHANCED SECURITY CLEARANCE WILL BE REQUIRED

Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0009   Knowledge of application vulnerabilities.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
  • K0161   Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • K0206   Knowledge of ethical hacking principles and techniques.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

Required Skills
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0009   WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)
  • S0081   Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.).
  • S0137   Skill in conducting application vulnerability assessments.
  • S0171   Skill in performing impact/risk assessments.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).