Vulnerability & Remediation Analyst – Hampshire – SC cleared
Based within this leading organisation you’ll be undertaking Vulnerability and Remediation Analysis. You’ll have a proven background in reviewing, mitigating and remediating configured large IT systems from known vulnerabilities and a practical background in Networks and Software System Security.
- Review of expert findings alongside a Technical Assessment of reported vulnerabilities identifying mitigating and remediating solutions.
- Review of suppliers’ Security Patching proposals challenging and supporting Security Patch Levels
- Liaising with internal teams, suppliers and customers in the generation of revised Requirements Specifications.
- Establishing and review of Test Procedures for use in verifying compliance for mitigation and remediation of vulnerabilities.
- Managing the execution and witnessing of security verification activities, including direct hands on execution or as required the management of independent / 3rd party audit.
- Tracking conclusion of mitigation and remediation activities, reporting on vulnerability status folding back into a project Risk Register.
- Work closely with the Security Manager.
- Some overseas travel may be required
Secondary responsibilities (supporting additional team):
- Technical Assessment of the Risk Exposure from identified vulnerabilities against a Threat Catalogue.
- Identification of mitigations, moderating risk exposure.
- Generation of Risk Reports.
- Liaising with our Customer in support of corroborating status and review of the Risk Analysis.
- Supporting Accreditation Datapack generation.
- OS Lockdown definition, implementation and validation.
You need to demonstrate extensive experience and be able to operate on solo activities and also within multi-disciplined teams from engineering and security management.
- Report Writing and Technical Presentation
- An understanding of Vulnerability and Incident management (analysis, assessment, mitigation).
- Understanding Network Security: ACLs, Firewall Rules, DMZs
- An understanding of Network attack Methodologies
- Linux and Windows operating Systems, specifically Security enforcing mechanisms.
- Virtualisation technologies.
- Experience of nmap / Nessus and related Security Toolkits e.g .Kali Linux
- Compliance/Audit experience.
- CISSP or related certification
- Security Risk and Threat Analysis
- DOORs Requirements Management; MS Office
- OS Lockdown principles
6 month initial contract, SC clearance required