Summary:

In this role, you will help ensure that vulnerabilities and exposures across our environment are identified, validated, and remediated in a timely manner. You will work closely with system owners and report findings, helping to keep our risk posture visible and well-managed.

Job Scope

Attack Surface Monitoring, Vulnerability Scanning, and Triage

• Monitor and triage findings surfaced by our Attack Surface Management (ASM) and Vulnerability Management tools
• Assess each finding for validity, severity, and exploitability before escalating or acting on it
• Distinguish genuine exposures from false positives and contextualise findings against our asset inventory
• Prioritise remediation efforts based on risk
• Remediation Workflow Management
• Work with system owners to follow up on outstanding findings
• Track remediation progress and ensure findings are resolved in a timely manner
• Manage exceptions and risk acceptance where remediation is not immediately feasible
• Communicate clearly with non-technical stakeholders, translating technical findings into actionable guidance

Reporting & Insights

• Consolidate vulnerability data and remediation metrics for reporting
• Identify trends and surface systemic issues across the organisation's attack surface and internal asset landscape
• Provide recommendations to improve our overall exposure management programme

Process Improvement

• Contribute to the refinement of ASM and vulnerability management processes, tooling configurations, and escalation playbooks over time
• Support the development and maintenance of vulnerability management policies, standards, and procedures in alignment with industry best practices

Prerequisites

• Bachelor’s Degree in Computer Science/Information Security or equivalent
• Professional certifications, including GWEB, OSCP, CRISC, CISA or other relevant certifications will be preferred
• Preferably 5 years of experience in a relevant cybersecurity function, such as vulnerability management, attack surface management, security operations, or IT risk
• Strong understanding of cybersecurity concepts, particularly around vulnerability management, patch management, common vulnerability scoring frameworks (eg CVSS), and external-facing attack surface risks
• Familiarity with ASM or vulnerability management tools (such as Tenable, Qualys, Censys, or similar)
• Proficiency in programming languages such as Python will be advantageous
• Strong analytical and judgement skills, with the ability to think critically and make sound recommendations
• Good communication and interpersonal skills, with the ability to multitask, prioritise, and translate technical findings
• Meticulous, with a high degree of integrity, initiative, and energy