- Support the implementation and maintenance of Vulnerability Management processes and procedures.
- Ensure the prioritisation and tracking of vulnerabilities is effective.
- Provide expertise on vulnerabilities when engaging with resolvers and mediate on calls with the technical teams, ensuring good working relationships are maintained.
- Identify systemic issues and/or opportunities for service maturation and improvement. Then work with relevant stakeholders and technical teams to improve the security posture. Delivers appropriate documentation that reflects the output from the analysis conducted.
- Support security risk, vulnerability assessments and business impact analysis as required.
- Support team to produce and provide reporting and commentary for vulnerability reports.
- Maintain reliable and up-to-date information regarding Information Security, including new and existing threats and vulnerabilities and incorporate that detail into actionable deliverables.
- Support with threat remediation activities across BGUK, following up on threats identified by the Threat Intelligence team and ensure they are dealt with appropriately.
- Support projects within the function as required.
- Be familiar with security tools and where appropriate, the development of simple scripts to assist with the ongoing analysis of a security vulnerability.
- Support the administration of the Vulnerability Management tool. Ensure robust practices are in place for Security Engineering team to maintain the health of the system.
- Perform administrative tasks where they are required alongside the rest of the team.
- Flexible to support other areas under vulnerability management as required such as Red Team remediation tracking, Security Testing co-ordination.
- Exposure to security monitoring and vulnerability management tools. Tenable, Qualys or Rapid7 experience desired.
- Exposure to Vulnerability Management and Threat Intelligence sources.
- Knowledge on Cloud architecture and experience with vulnerability scanning in this area is preferable. Azure, GCP, AWS
- Experience with Service Now Vulnerability Management module beneficial.
- Keen to engage with future opportunities with AI in the Vulnerability Management world.
- Experience in at least one technology tower (End User Computing, Hosting or Networks) and foundation in various enterprise technologies/infrastructure including network architectures and operating systems is preferable.
- Confident in their technical expertise and can present themselves as a technically competent SME.
- Has a track record of technical delivery within a fast-paced environment.
- Awareness and use of security and privacy concepts (e.g., international and industry standards, legal and regulatory constraints, etc.).
- Is able to take a pragmatic view of the application of technologies; understanding the business application of them and able to identify a balance between the management of risk and the capability for the business to continue to operate.
- Should have strong knowledge on OWASP top 10 Vulnerabilities.
- Knowledge of perimeter and host security intrusion techniques.
- Good appreciation/experience of typical enterprise security services including but not limited to: Threat Intelligence Penetration testing Anti-malware Email/SPAM management Authentication mechanisms SIEM WAF Firewalls Proxy technologies IDS/IPS DLP
Vulnerability Management Analyst - Salford, United Kingdom - Bupa
Description
Job Description:
Vulnerability Management Analyst
Manchester (Salford Quays) or Staines
Full time hours/week
Hybrid working options
Salary: £47,000 – neg depending on exp.
We make health happen
At Bupa, we're passionate about technology. With colleagues, customers, patients, and residents in mind you'll have the opportunity to work on innovative projects and make a real impact on their lives.
Right from the start you'll become part of our digital strategy, joining us on our journey and developing yourself along the way.
The purpose of the role is to monitor vulnerability management within Bupa, to analyse vulnerability findings in line with Information Security policies and practices, mediating and providing expertise on remediation calls with resolvers, appropriately escalating vulnerability issues and ensuring threat remediation activities are dealt with.
How you'll help us make health happen:
Key Skills / Qualifications needed for this role:
Benefits
Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.
Joining Bupa in this role you will receive the following benefits and more:
• 25 days holiday, increasing through length of service, with option to buy or sell
• Bupa health insurance as a benefit in kind
• An enhanced pension plan and life insurance
• Annual performance-based bonus
• Onsite gyms or local discounts where no onsite gym available
• Various other benefits and online discounts
Why Bupa?
We're a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.