Vulnerability Governance Analyst

Life on the team

The Vulnerability Governance Analyst role will manage processes to detect, prevent and correct vulnerabilities to devices in a customer’s environment. The SC-cleared analyst will aim to mitigate business risks arising from both regulatory & security noncompliance.

What you’ll do

• Integrate with customer and third-party security operations centre reporting as well as integration with security incident procedures
• Build, manage and update Vulnerability Lifecycle Management Product Lists (VLMPLs) for all supported customers
• Responding to and helping to co-ordinate the response to Major Vulnerability incidents
• Sending out notifications and communications related to security vulnerabilities that affect multiple technologies
• Creation and ownership of vulnerability incidents – providing a “Start to Finish” level of incident management
• Proactive identification of vulnerabilities
• Provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions
• Establishing good practice vulnerability treatment throughout the customer estate, this includes implementing policy, hardening, patching and fixes of all supported technology
• Working closely with technical and non-technical teams to coordinate changes and any emergency patching work that is required
• Proactively identify vulnerabilities and provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions
• Evaluate vulnerabilities across multiple technologies that correlate with the VLMPLs
• Occasional site visits to meet stakeholders and to improve customer relationships
• Provide professional, business friendly communications, translating complex matters for various audiences
• Research the latest information technology security bulletins for Microsoft products and 3rd party applications
• Provide a repeatable process for assessing vulnerabilities detected through multiple sources within a business context, determining recommendations for how the vulnerabilities should be treated and reporting these to business stakeholders.
• Creation of Security improvements which would be managed via SIP plans to ensure security threats and vulnerabilities are appropriately identified and managed
• Perform validation and closure activities on completion of corrective mitigation actions
• Pro-actively logging incidents and changes to carry out remediation work and repeated security changes

What you’ll need

• It is essential for a Vulnerability Governance analyst to have valid and existing SC clearance
• Knowledge/Understanding of operating systems and software security vulnerabilities
• Pro-active in finding solutions to problems and security improvements across customer’s environments
• Confident in co-ordinating mitigation actions across multiple resolver teams as well as presenting reports to business stakeholders such as Delivery Leadership
• Ability to work effectively as part of a team
• Knowledge/Understanding of vulnerability management tools such as Tenable, Qualys VMDR or Microsoft Defender
• Experience of Defender for Endpoint
• Awareness of:
• Security best practice (ITIL, COMPTIA)
• IT security and software vulnerabilities
• Experience in performing data analysis
• Experience in using PowerBI