IT Security Officer

IT Security Officer (ITSO)

In this role, you will help ensure that vulnerabilities andexposures across our environment are identified, validated, and remediated in atimely manner. You will work closely with system owners and report findings,helping to keep our risk posture visible and well-managed.

Job Scope

• Attack Surface Monitoring, Vulnerability Scanning, and Triage
• Monitor and triage findings surfaced by our Attack Surface Management (ASM) and Vulnerability Management tools
• Assess each finding for validity, severity, and exploitability before escalating or acting on it
• Distinguish genuine exposures from false positives and contextualise findings against our asset inventory
• Prioritise remediation efforts based on risk
• Remediation Workflow Management
• Work with system owners to follow up on outstanding findings
• Track remediation progress and ensure findings are resolved in a timely manner
• Manage exceptions and risk acceptance where remediation is not immediately feasible
• Communicate clearly with non-technical stakeholders, translating technical findings into actionable guidance
• Reporting & Insights
• Consolidate vulnerability data and remediation metrics for reporting
• Identify trends and surface systemic issues across the organisation's attack surface and internal asset landscape
• Provide recommendations to improve our overall exposure management programme
• Process Improvement
• Contribute to the refinement of ASM and vulnerability management processes, tooling configurations, and escalation playbooks over time
• Support the development and maintenance of vulnerability management policies, standards, and procedures in alignment with industry best practices

Prerequisites

• Bachelor's Degree in Computer Science/Information Security or equivalent
• Professional certifications, including GWEB, OSCP, CRISC, CISA or other relevant certifications will be preferred
• Preferably 5 years of experience in a relevant cybersecurity function, such as vulnerability management, attack surface management, security operations, or IT risk
• Strong understanding of cybersecurity concepts, particularly around vulnerability management, patch management, common vulnerability scoring frameworks (eg CVSS), and external-facing attack surface risks
• Familiarity with ASM or vulnerability management tools (such as Tenable, Qualys, Censys, or similar)
• Proficiency in programming languages such as Python will be advantageous
• Strong analytical and judgement skills, with the ability to think critically and make sound recommendations
• Good communication and interpersonal skills, with the ability to multitask, prioritise, and translate technical findings
• Meticulous, with a high degree of integrity, initiative, and energy