Senior Attack Surface Reduction, Vulnerability Management
You will have a firm grasp of infrastructure technologies / environments and will then have moved into specialising in Vulnerability Assessment / Vulnerability Management tools (their implementation and usage). This is not a Vulnerability Assessment role; you will not be hands-on with the VA tools – this is very much a broader VM Attack Surface Reduction role, working alongside the VA teams and with the business / stakeholders for a major financial operating in the UK.
Milton Keynes, Buckinghamshire based – financial services.
Hybrid working x3 days a week in office, x12 days a month.
£80 – 96,000 + Excellent Banking Benefits + Bonus
You will play a critical role in proactively identifying and mitigating potential security risks and vulnerabilities in systems, applications, and networks, to prevent unauthorised access, data breaches, and other security incidents.
Manage deliverables which are closely coordinated with and integrated across all Cyber functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business / 3rd party engagements.
Delivering solutions to reduce the attack surface of UK assets from analysis of cyber metrics.
Reporting detailed findings, exploitation procedures and mitigation techniques, and communicating effectively with stakeholders.
Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability lifecycle, critical vulnerability triage, risk reporting, and consultation and mitigation techniques.
Analysing cyber metrics to identify, prioritise and remediate root causes in order to reduce the attack surface.
The ability to design and execute scenario-based tests tailored to the firm’s infrastructure and practices.
You will be able to:
Draw on experience in application vulnerability assessment and management to accurately assess the potential impacts of security flaws and involve technical teams accordingly.
Apply an understanding of vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS).