This role is an exciting opportunity to join us and work within our Cyber Fusion Centre (CFC). As we continue to evolve our business models to keep them efficient and effective in the face of increased IT and digital threats, the CFC is an Intelligence Hub, and future-proofed not just responsible for traditional “detection” and “response” of security incidents but will monitor, react and detect - that will inform decision making at every level of the business.
What you'll do:
- Work with the Team on implementation of continuous web application and cloud vulnerability scanning programmes
- Use commercial and open-source tools to scan and identify vulnerabilities in infrastructure and web applications
- Follow up on identified vulnerabilities and ensure the recommendations for remediation are followed in line with the company SLA’s
- Continuously improve the vulnerability risk assessment and remediation processes
- Work with the Security Development Team on automation of repetitive tasks and integration of vulnerability scanning tools with the centralized vulnerability management platform
- Work with the Threat Intelligence and Incident Response Teams on proactively identifying and assessing emerging threats
What we look for
- Proven hands-on experience in using web application assessment tools (e.g. Burp Suite, ZAP, Arachni)
- Proven experience in using vulnerability scanning solutions (e.g. Tenable, Nexpose, Qualys)
- Knowledge of application and system vulnerabilities and exposures
- Understanding of Vulnerability Management process
- Knowledge of OWASP Top 10
- Practical knowledge of Unix/Linux
- Experience with Cloud Platforms (e.g. AWS, GCP, Azure) is desirable
- Experience with Elasticsearch is a plus
- Experience with scripting languages (e.g. Python) is a plus