Cyber Security Vulnerability Analyst

This contract with our central government client is for a Cyber Security Vulnerability Analyst for 7 months based in London, Manchester, Bristol - 3 days per week in office.  

Duties & Responsibilities:  

- The primary focus of the role will be delivering the client's core security operations of vulnerability management. Key outcomes from the role are the delivery of seamless vulnerability management service into the organisation's infrastructure and business units, verifying the effectiveness of estate-wide security measures.  

- The focus, outcomes and responsibilities are aligned to the Government Security Profession Framework.  

As a cyber security vulnerability analyst, you will:  

- manage the operation and roll out of one or more vulnerability identification and assessment capabilities across the client's on-premise and cloud-based IT estate and digital services.  

- coordinate the triage and remediation of identified vulnerabilities using a risk-based approach, working closely with service teams and developers to ensure that appropriate mitigation measures are implemented.  

- work closely with other teams across Cyber Security and the organisation to proactively reduce cyber security vulnerabilities.  

- produce regular reporting which delivers insights on vulnerability management activities and the impact on cyber security risk.  

- establish a detailed understanding of the organisation's data security and architectures enabling the delivery of consistent security advice.  

- define requirements for improving and expanding their security tooling.  

- develop and update internal plans, processes, and knowledge base articles.

People who have strong vulnerability management experience, including:  

- experience developing, implementing and operating vulnerability management capabilities using Tenable One.  

- experience using a variety of sources of information to identify, analyse and report on relevant threats and vulnerabilities.  

- experience deploying, configuring and using vulnerability assessment (such as Tenable and the NCSC’s Active Cyber Defence Toolkit) and Attack Surface Management tools.  

- excellent stakeholder management skills.  

- excellent verbal and written communication skills, and the ability to communicate technical security issues to both technical and non-technical stakeholders  

- experience with cloud environments such as AWS and Azure  

It’s also desirable that you have:  

- experience with bug bounty programmes and platforms.  

- experience with digital brand protection.  

- experience investigating and responding to cyber incidents.  

- ability to work as part of a team in a multidisciplinary environment.