Role Summary
Support the organisation's Attack Surface Management (ASM) and Vulnerability Management programmes by identifying, validating, prioritising, and tracking security vulnerabilities. Work closely with system owners to drive remediation efforts, manage risks, and improve the overall security posture.
Key Responsibilities
- Monitor and triage findings from ASM and Vulnerability Management tools.
- Validate vulnerabilities, assess risk using CVSS, and distinguish genuine exposures from false positives.
- Coordinate with system owners to track and drive remediation activities.
- Manage risk exceptions and support risk acceptance processes.
- Prepare vulnerability and remediation reports, analyse trends, and recommend security improvements.
- Support enhancement of vulnerability management processes, policies, standards, and playbooks.
Required Skills & Experience
- Degree in Computer Science, Information Security, or related discipline.
- Around 5 years of experience in Vulnerability Management, Attack Surface Management, Security Operations, or IT Risk.
- Strong understanding of vulnerability management, patch management, CVSS, and attack surface risks.
- Experience with Tenable, Qualys, Censys, or similar ASM/Vulnerability Management platforms.
- Strong analytical, risk assessment, and stakeholder communication skills.
Nice to Have
- Python scripting.
- Certifications such as OSCP, GWEB, CRISC, CISA, or equivalent cybersecurity certifications.