Threat & Vulnerability Analyst

Reporting to the Director of IP Security Engineering, with daily supervision via the Senior Threat and Vulnerability Management Analyst(s) this role as “Threat & Vulnerability Analyst” will support the Global IP Security program.

This role requires experience in threat identification and intelligence processing, technical vulnerability analysis and a good awareness of the technical tooling used in the automation of these processes.

This role provides proactive consulting and KPI metrics reporting to our technical teams and business stakeholders, advising on threats and vulnerabilities from the top of the technology stack to the bottom.

A solid understanding and existing ability to oversee ongoing efforts to identify and mitigate threats through scanning, patching and other remediation work is expected, however appropriate training internally and directly from specific software vendors will be given, if so required.

The role includes teamwork that collaborates within the department and with other technical engineering teams on the operational management of defense and security control measures including anti-malware for the organization.

The Analyst will work closely with all members of the Information Protection team, possess strong communication skills and be adept at engaging with stakeholders organisation-wide.

Responsibilities

Primary Responsibilities:

• Develop and execute vulnerability identification scans
• Develop and execute vulnerability policy tool orchestration
• Create actionable tickets and incidents within service desk tools, engaging with business and technology stakeholders to follow up on remediation activities as identified as risk during scanning processes
• Collaborate on the configuration and tuning of anti-malware toolsets, including BAU operational oversight
• Use vulnerability and risk assessment best practices to maintain vulnerability patching standards, documentation and policy enforcements.
• Collaborate on compiling vulnerability data going into reports for both technical and executive audiences.
• Be fully engaged with end-to-end mitigation/remediation of security incident activities – this will include critical and zero-day threat response that when necessary will result in some out of usual business hours working.
• Support technology teams in vulnerability research, false positive analysis and prioritization
• Maintain comprehensive documentation of vulnerability assessments, findings, and remediation efforts
• Monitor emerging security threats and vulnerabilities, and stay up-to-date on industry trends and best practices
  
  
  

Secondary Responsibilities:

• Oversee the execution of threat and vulnerability activities in line with compliance and audit policies (ISO 27001/PCI v4.0.1/SOX/Cybersecurity NIST v2/CIS Benchmarks)
• Collaborate on the conduct and preparation of vulnerability risk assessment reports, including compiling data ascertained through consultation with wider technical teams alongside providing responses to client requests and exception / risk acceptance processes.
• To coordinate regular meetings with business and technology stakeholders ensuring remediation activities are conducted in a timely fashion according to the corporate SLA standards
• Manage and document deviations, evaluating risk and managing the sign-off process
• Support Mangers and Leadership to continually evolve and improve the TVM Program
• Drive automation wherever possible into the program.
  
  
  

Qualifications

• Bachelor’ s degree in Computer Sciences or related field required.
• Strong experience with vulnerability scanning and research technologies (Tenable.SC, Tenable.IO, Tenable.WAS, Tenable.IE, Flexera)
• Experience with endpoint security management technologies (Netskope, Crowdstrike, Trend Deep Security, MS Defender/ATP)
• Strong Technical IT background (Networks, Windows, Unix/Linux, including some scripting and tools like wireshark and nMap)
• 2-3 years of experience in Security experience: offensive and defensive hacking, vulnerability assessments / programs, mitigation programs, and similar experiences;
• Excellent communications and presentation skills;
• Excellent Microsoft Office skills, with demonstrated expertise in developing and delivering risk assessments content;
• Demonstrated knowledge and understanding of information technology, systems and architecture;
• Must be detail oriented with the ability to work in a collaborative environment
• Uphold the firm's code of ethics and business conduct