Threat and Vulnerability Lead

Posted 07 July 2019
Salary Up to £0.00 per annum
Location City of London
Reference BBBH89598_1562575227
Contact Name Javeed Ouditt

Job description

Threat and Vulnerability Lead - OWASP, Application, Threat, Web, Apps, API, Infrastructure Vulnerability Assessments.
A Threat and Vulnerability Lead is required to join a Central Government Authority on a contract basis based in their Central London office.


Key Responsibilities:

  • Manage the vulnerability management program, scanning functions, code review and firewall review, ensuring regular scanning is completed at key milestones or after significant change in the environment, and review assets and applications to identify network, infrastructure, and configuration vulnerabilities;
  • Engage with Security Product Leads and Leadership within to continuously enhance and communicate the importance of vulnerability remediation from a technical perspective;
  • Using the existing collaborative toolset, ensure that all vulnerabilities are tracked and have an appropriate owner.
  • Ensure new/all vulnerabilities are communicated in a standard, efficient and timely manner.
  • Using the existing toolset, design and deploy the relevant vulnerability management infrastructure to support the development lifecycle.
  • Support new projects, programs or initiatives with vulnerability scanning of new or existing assets as required
  • Review and risk assess the criticality and priority of all vulnerability scans (along with existing toolset for prioritization)
  • Engage with development teams to ensure code is secure
  • Aid development and infrastructure teams in remediation of the vulnerability scan results.
  • Ensure that discovered vulnerability risks are written with business context in mind.

Key Requirements:

  • Minimum of 2 years working on large scale threat & vulnerability management
  • Good knowledge and experience with XaaS solutions such as AWS, Adobe, etc
  • Good knowledge of working with vulnerability management tools such as SonarQube, Nessus, Burp Suite, etc
  • Good technical knowledge of Linux (RHEL, Debian, OpenSUSE, Ubuntu) Windows Server/Desktop, etc
  • Good knowledge of development languages (Java, Python, JavaScript, NodeJS, Ruby)
  • Technical knowledge and experience of IT architecture and infrastructure
  • Good understanding of information security standards
  • Broad knowledge of good security practice ensuring all aspects of Confidentiality, Integrity and Availability are adhered to;
  • Excellence at stakeholder engagement and building strong partnerships across the technology and business teams
  • Knowledge of security best practices and frameworks (ISO/IEC 27001, NIST, COBIT, ISF, ITIL, SABSA, OWASP)

ONLY CANDIDATES WITH ACTIVE SC CLEARANCE CAN BE CONSIDERED DUE TO EXISTING TIME CONSTRAINTS