Vulnerability and Compliance Analyst

Ref: BROADBEAN_476581663070742

on 13 September 2022
Contract Type

Vulnerability and Compliance Analyst required for a long-term contract assignment based in Stevenage or Bolton.

Information Management (IM) - Cyber Security Operations and CERT.

Reporting to the UK SOC Manager and Vulnerability Manager, you will support the IM SOC to defend against cyber threats and vulnerabilities by ensuring the IM and Manufacturing environments are following best practice and proactively managing identified vulnerabilities that could be exploited. Provide remediation action through compliance to relevant security standards and confirm that remediation is completed in accordance with the identified risk categorisation. This is a transversal function that covers all areas of IM and will require Group Coordination.


* Report and track remediation activities affecting all infrastructure and applications within the agreed scope, focussing on IoT and OT within IM and manufacturing.

* Support compliance and due diligence led activities, including regulatory updates.

* Lead on discovery activities and audits of environments.

* Establish relationships and collaborate with teams and stakeholders to create both tactical and strategic plans as they relate to vulnerability management.

* Champion security best practice within technology and be regarded as the 'go-to' individual for security vulnerability management.

* Provide security and remediation advice to cross-business stakeholders at a technical level.

* Proactive identification and communication of external themes and threats.

* Advise technical and non-technical audiences on appropriate prioritization of patch deployment.

* Manage vulnerability remediation by suppliers and teams through re-test & closure.

* Help drive security maturity in vulnerability management and security in general across the business, through positive engagement and teaching.

* Maintain and further improve the scanning scope and capability of the vulnerability scanning service, through automation and tooling.

* Manage the remediation plan of vulnerabilities discovered during penetration tests and health checks.

* Provide vulnerability assessment scan guidance and process oversight.

Skillset/experience required:

* Familiarity with infrastructure and web application scanning tools (e.g. Qualys, Nessus) and relevant remediation management/risk tools supported in the Security Operations Centre (SOC)

* 2+ years managing vulnerabilities (planning and remediation)

* A demonstrable knowledge of vulnerability lifecycle management (MITRE) and IT/OT/IoT vulnerability remediation plans

* Experience or knowledge of risk management frameworks (e.g. CIS, NIST)

* Sound understanding of network/infrastructure and web/mobile application weaknesses and anti-patterns (CWE, OWASP)

* An in-depth understanding of cyber security technologies and applicable security controls

* A good understanding of information security principles and best practices

* Ability to carry out risk assessments

* Supplier engagement and collaboration

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provides a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement, which explains how we will use your information, is available on the Modis website.