Vulnerability Management Analyst

We have an exciting new opportunity for a Vulnerability Management (VM) Analyst to join our Threat and Vulnerability Management (TVM) team. As a Vulnerability Management Analyst, you will be responsible for conducting and supporting key processes and technology related to vulnerability scanning, management, remediation, and tracking.

Apply today via the link below or contact [email protected] for more information.


About the team

The firm's ability to keep our clients' data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world's large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.

Led by our new CISO, Yolande Young, the in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman's strategy to lead where global complexity creates opportunity.

In addition, you will have the opportunity to share and gain intel from the firm's cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feedback practical lessons learned into clients' cyber risk management and incident response programmes.


What you will do

Scanning & Analysis

• Support the design, maintenance, and improvement of vulnerability management process flows by assisting senior team members and staying up to date with the firm's end-to-end security practices.

• Contribute to the review and validation of vulnerabilities using available tools and data sources under guidance and assisting in identifying false positives.

• Assist in evaluating risks associated with identified vulnerabilities by gathering relevant contextual information and learning how to assess potential impacts to systems and business functions.

• Support configuration, scheduling, and execution of vulnerability scans to ensure accurate and complete coverage across in-scope assets and environments.

• Assist in maintaining an accurate inventory of assets and their associated vulnerabilities, collaborating with asset management and IT teams as needed.

• Conduct research on vulnerabilities and learning how they may be exploited in the environment to support prioritisation efforts.

Collaboration & Support

• Provide administrative and technical support in maintaining workflows, reports, and dashboards within vulnerability management platforms.

• Participate in testing activities for new platform releases, upgrades, and enhancements, including user application testing, under the supervision of senior staff.

• Collaborate with team members in Vulnerability Management, the Cyber Defence, and Patching teams to support responses to zero-day vulnerabilities and critical threats.

• Assist technology teams and asset owners by providing documentation and guidance on remediation steps, with support from senior analysts.

• Validate that vulnerabilities have been effectively remediated or mitigated.

Reporting & Documentation

• Contribute to process documentation, standard operating procedures, and knowledge base articles to support team efficiency and onboarding.

• Contribute to regular reporting by collecting data and assisting in the preparation of KPI reports for operational and executive audiences.

What you will have

• Solid understanding of common threat vectors and attack techniques.

• Excellent communication skills, including both written and verbal, with a good ability to work collaboratively with colleagues across the business.

• Strong analytical skills with the ability to interpret data and draw actionable insights.

• Background in an information security or vulnerability management relevant field.

• Operational level experience in some of these domains - vulnerability scanning, vulnerability management, vulnerability remediation.

• A willingness to learn and develop both technically and personally in the role.

• A genuine passion for continuous learning and development in cybersecurity and vulnerability management, staying up to date with the latest developments, trends, and technologies in the field.

You will stand out if you bring

• Experience with tools such as Nessus, Tenable, Qualys, SIEM, or SOAR platforms

• Strong understanding of the vulnerability landscape, security threats and compromise methods

• Previous experience working in vulnerability management, security testing/assessment, or related field.

• Professional certifications like CompTIA+, or Certified Information Systems Security Professional (CISSP), or equivalent are desirable.

• Bachelor's degree in information security, Computer Science, Engineering, Technology, or a similar degree.

What we can offer you

We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, online discounts and lifestyle management services.

Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.

We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.