Vulnerability Management Engineer

Leicester - UK

Monthly Salary: Not Disclosed

Posted on: 8 hours ago

Vacancies: 1 Vacancy

Job Summary

Description

About the role:

Working in the Information Security team you will focus on Vulnerability and Threat Management across our Next technology estate and the tech utilised within it to help maintain an awareness of new and emerging security threats and trends.

You will be responsible for identifying assessing validating and communicating new vulnerabilities across the other technical teams ensuring the vulnerability management process is followed. Where required you will work with other IT teams to provide guidance and recommend mitigation strategies for vulnerabilities.

As a Vulnerability Management Engineer a knowledge of the MITRE Attack Framework would be advantageous. You will help manage and configure our vulnerability scanning and reporting tools.

Where required you will create reporting to summarise findings and recommendations for a variety of audiences. The role also requires you to take a lead in reviewing incoming threat intelligence in order to assess its relevance and severity in context to our business where appropriate you will provide reports on threats of interest to senior stakeholders and work with the relevant teams to proactively assess test and mitigate any risk.

You will also be expected to maintain an awareness of the changing threat landscape and industry standards. Proactively work with our Incident Response and Engineering teams to identify tactics and techniques used by threats actors and opportunities to improve the security of our environment. Propose and support implementing suitable countermeasures for threats identified through intelligence testing and objective validation. (This role involves participating in a shift rota).

Key Responsibilities

Manage and maintain Vulnerability scanning and risk reporting tools.

Complete relevant security assessments including debriefing key stakeholders on any apparent risks.

Ensure all relevant vulnerabilities are correctly triaged risk assessed logged and assigned to remediation teams.

Support remediation teams with remediation strategies.

Assist Incident Response team with the investigation and resolution of Security Incidents if and when required.

Create and maintain operation procedures configuration and technical documentation to a high standard.

Manage and maintain metrics and reporting to demonstrate the effectiveness of our vulnerability management programme.

Maintain an awareness of new and emerging security threats and trends.

Review threat intelligence and advise on recommended mitigation strategies where appropriate.

About you:

Essential

Experience managing and maintaining a Vulnerability Management tool.

A strong knowledge of Information Security concepts including malware emerging threats attacks and vulnerability management.

Proven Information Technology experience with an excellent understanding of

network protocols and server infrastructure including network segmentation.

Windows Server and/or Linux experience.

Ability to contribute towards helping diagnosis and resolution of major issues.

Adheres to and promotes high standards.

Understand and operate change management.

A team player who is hardworking and self-motivated.

Possess an inquisitive and proactive approach to identifying security gaps.

Ability to effectively plan and prioritise workloads and to measure and report on current progress.

Ability to remain calm under pressure and clearly communicate to all levels of management.

Excellent attention to detail.

Adheres to and promotes high standards.

Understanding of vulnerability and threat assessment frameworks such as: CVSS CVE CWEOWASP MITRE.

Desirable

Experience with security or compliance standards such as PCI-DSS or ISO27001.

Understanding and experience of working for a Retail company.

Foundational understanding of Cloud based infrastructure

Relevant industry recognised security qualification

Understanding of DevOps architecture and code scanning.

Offensive Security experience

Competent at keeping up to date on CTI (Cyber Threat Intelligence)

Experience of managing a TIP (Threat Intelligence Platforms)
Experience of Custom AI usage

Required Experience:

DescriptionAbout the role:Working in the Information Security team you will focus on Vulnerability and Threat Management across our Next technology estate and the tech utilised within it to help maintain an awareness of new and emerging security threats and trends.You will be responsible for identif...

Description

About the role:

As a Vulnerability Management Engineer a knowledge of the MITRE Attack Framework would be advantageous. You will help manage and configure our vulnerability scanning and reporting tools.

Key Responsibilities

Manage and maintain Vulnerability scanning and risk reporting tools.

Complete relevant security assessments including debriefing key stakeholders on any apparent risks.

Ensure all relevant vulnerabilities are correctly triaged risk assessed logged and assigned to remediation teams.

Support remediation teams with remediation strategies.

Assist Incident Response team with the investigation and resolution of Security Incidents if and when required.

Create and maintain operation procedures configuration and technical documentation to a high standard.

Manage and maintain metrics and reporting to demonstrate the effectiveness of our vulnerability management programme.

Maintain an awareness of new and emerging security threats and trends.

Review threat intelligence and advise on recommended mitigation strategies where appropriate.

About you:

Essential

Experience managing and maintaining a Vulnerability Management tool.

A strong knowledge of Information Security concepts including malware emerging threats attacks and vulnerability management.

Proven Information Technology experience with an excellent understanding of

network protocols and server infrastructure including network segmentation.

Windows Server and/or Linux experience.

Ability to contribute towards helping diagnosis and resolution of major issues.

Adheres to and promotes high standards.

Understand and operate change management.

A team player who is hardworking and self-motivated.

Possess an inquisitive and proactive approach to identifying security gaps.

Ability to effectively plan and prioritise workloads and to measure and report on current progress.

Ability to remain calm under pressure and clearly communicate to all levels of management.

Excellent attention to detail.

Adheres to and promotes high standards.

Understanding of vulnerability and threat assessment frameworks such as: CVSS CVE CWEOWASP MITRE.

Desirable

Experience with security or compliance standards such as PCI-DSS or ISO27001.

Understanding and experience of working for a Retail company.

Foundational understanding of Cloud based infrastructure

Relevant industry recognised security qualification

Understanding of DevOps architecture and code scanning.

Offensive Security experience

Competent at keeping up to date on CTI (Cyber Threat Intelligence)

Experience of managing a TIP (Threat Intelligence Platforms)
Experience of Custom AI usage

Required Experience:

Key Skills

Network security
SQL
Active Directory
Information Technology
Protocols
Tcp/IP
BGP
Routers
Infrastructure
Linux
Internet
Juniper
DoD
hardware
Technical Support

Apply Now

About Company

Next Careers

You know Next, but did you know we’re a FTSE-100 retail company employing over 35,000 people across the UK and Ireland. We’re the UK’s 2nd largest fashion retailer and for Kidswear we’re the market leader. At the last count we have over 500 stores, plus the Next Online and it’s now po ... View more

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click