The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas. We are the Cabinet Office's Cyber and Information Security function. Our mission is to secure the Cabinet Office's digital and information assets against misuse, and enable the secure delivery of the department's mission. We do this by developing, operating, and governing the cyber and information security controls which protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK. This role is within the Cyber Defence team, which is responsible for understanding, detecting and responding to cyber threats and vulnerabilities impacting the Cabinet Office. This role reports to the Red Team Manager, and is responsible for operating and continually improving the team's vulnerability management capabilities., As a cyber security vulnerability analyst, you will:
* manage the implementation and operation of vulnerability assessment capabilities across the Cabinet Office's on-premise and cloud-based IT estate and digital services
* coordinate the triage and remediation of identified vulnerabilities using a risk-based approach, working closely with service teams and developers to ensure that appropriate mitigation measures are implemented
* work closely with other teams across Cyber and Information Security and the wider Cabinet Office to proactively reduce cyber security vulnerabilities
* produce regular reporting which delivers insights on vulnerability management activities and the impact on cyber security risk
* establish a detailed understanding of Cabinet Office data security and architectures enabling the delivery of consistent security advice
* define requirements for improving and expanding our security tooling
* develop and update internal plans, processes, and knowledge base articles
* support wider Cyber Defence activities
* line manage, act as an escalation point for, and provide coaching and mentoring to, associate security analysts