Vulnerability Manager

Location: UK - London UK - Hatfield UK - Milton Keynes UK - Nottingham UK - Reading Job-ID: 216935 Contract type: Standard Business Unit: Cyber Security

Life on the team

Are you passionate about staying one step ahead of cyber threats Do you thrive in a fastpaced forwardthinking security environment If so wed love to hear from you.

Were seeking a Vulnerability Manager to join our expanding global security teaman expert group dedicated to protecting our platforms services and operational environments from an everevolving threat landscape.

Who Are We

We are a global community of security specialists united by a shared purpose: safeguarding the organisation on every front. Our team is built around three core functions:

• Security Engineering
• Vulnerability Operations
• Cyber Security Specialists

Together these teams deliver a full-spectrum datadriven approach to vulnerability managementensuring our environments remain secure resilient and futureready.

Working as a Vulnerability Manager you will be responsible forthe day-to-day delivery of the vulnerability management function including its technology and role willbe responsible forthe identificationprioritisationand reporting of technical vulnerabilities as well as providing expert support to operational delivery teams on the remediation ofvulnerabilities.(100%)

What youll do

• Be responsible forowning andoperatingthe vulnerability management process for Computacenter.

• Execute the roadmap for vulnerability management processes and technologies.

• Be responsible forthe day-to-day operation of vulnerability identificationassessmentand alerting tooling.

• Identifyevaluateand prioritise vulnerability remediation activities across the Computacenter group.

• Provideexpert security guidance to support resolver teams in the remediation of technical vulnerabilities and weaknesses.

• Provide experienced support to the vulnerability analysts

• Operate the vulnerability management process across the Computacenter group to ensure cooperation amongst all centralised and regional resolver teams.

• Remain current on the latest cyber security threats new vulnerabilities and the Tactics Techniques and Procedures (TTPs) used by threat actors exploiting them.

• Analyse vulnerability intelligence feeds to inform and prioritise vulnerability remediation.

• Operate as a technical vulnerability SME and support on the Groups response to new major vulnerabilities affecting Computacenter.

• Support in vulnerability investigation and analysis on cyber security incidents to support the Computacenter Cyber Security Incident Response Team (CSIRT).

• Proactively measure the effectiveness of the vulnerability management process through monitoring and conformance to policy and standards (patch configuration etc).

• Identifyopportunities for the continual improvement of the vulnerability management programme.

• Prepare regularaccurateand actionable reporting metrics to senior management and organisational stakeholders.

• Deliver vulnerability exposure reviews to technical resolver groups for their business areas across the group

• Support the cyber risk management function by verifying that vulnerability controls are delivered for assets and information systemsidentifyingwhere controls are not being met and the cyber exposure that results in for Computacenter.

• Support penetration testers in their delivery by providingaccuratevulnerability analysis pre- and post-assessment.

• Support CTO with the technical validation of security controls.

• Supportour internal organisationby ensuring vulnerability control requirements are delivered for assets and digital services.

What youll need

• Demonstrable experience in Information and Cyber Security; especially vulnerability management.

• Experienced in vulnerability analysis and assessment including the operation of risk-based vulnerabilitymanagement.

• Experienced in the day-to-day operation of specialist security tooling for vulnerability identification and analysis (e.g. Tenable/Qualys/OWASP ZAP/MDE TVM etc.).

• Experienced in preparing threat and vulnerability briefings for management and technical resolvers.

• Practical experience in supporting IT operations including assetconfigurationand patch management.

• Understanding of technical IT security best practices including endpoint security network security cloud security and the key vulnerabilities and threats affect them.

• Understanding of common IT enterprise technologies - Windows Linux cloud networking platforms etc. and a desire to deliver success with new and evolving technologies

• Information security standards and frameworks including CIS NIST ISO 27001 Cyber Essentials (Plus) PCI DSS & GDPR.

• The MITRE ATT&CK Framework.

• Cyber threats and vulnerabilities.

• Advanced Persistent Threats (APT) and their associated Tactics Techniques and Procedures (TTP).

• Incident response and handling methodologies.

• Risk management processes (e.g. methods for assessing and mitigating risk).

• Recognised information security and/or information technology industry certification (CISM CISSP ISO27001leadimplementer Nessus/Qualys or equivalent/superior).

About us

We are a leading independent technology and services provider trusted by large corporate and public sector organisations. We are a responsible business that believes in winning together for our people and our planet. We help our customers to source transform and manage their technology infrastructure to deliver digital transformation enabling people and their business.

Our business may be about technology but first of all its about people

With over 20000 people across 22 countries we are proud of our inclusive culture - where everyone can thrive feel valued and truly belong.

As an equal opportunities employer were committed to ensuring fair and equal access to opportunities for all. Your application will be considered on its merits regardless of your age disability ethnicity gender identity or any other characteristics protected by law. What matters most to us is that you share our vision and values and bring the experience and skills were looking for.

We are proud to be a Disability Confident Employer. We welcome applications from disabled people and accept applications in alternative formats. We also guarantee to interview applicants who have a disability.

If you share our values and want to make a meaningful impact in a supportive forward-thinking environment - wed love to hear from you!