Vulnerability Management Analyst

As a Vulnerability Management Analyst at WTW, you will work as part of the Vulnerability Management team, supporting WTW's Vulnerability Management lifecycle to ensure that vulnerability related risks are managed effectively and in a timely manner. Reporting directly to the Head of Vulnerability Management, you will collaborate closely with both the Cyber Offensive and Defensive teams to ensure the identified gaps in cyber security maturity are addressed. Your work will involve close coordination with other areas of Offensive and Defensive security, acting as a Vulnerability Management SME supporting these teams as well as engaging with the wider business. 

As well as supporting regular BAU activities, such as ensuring the smooth operation of scanning, reporting, prioritization, remediation tracking as well as communicating with the business, the VM Analyst will have opportunities to work on various projects to constantly improve the VM function, as well as building expertise in different areas to support the team. Regular training, staying on top of industry trends and understanding their implications will be critical in keeping WTW resilient against evolving threats. 

The Role:

Responsible for supporting the Vulnerability Management and ICS teams to help reduce vulnerability related risk within WTW.

• Expertise in Scanning/CMDB Tools: Develop/enhance expertise in WTW scanning tools (and supporting tools) and support scanning, reporting and data verification activities, to ensure high quality and accurate data for the business and stakeholders
• Tracking Vulnerability Remediation: Attending or leading remediation calls with different areas of the business in order to track and drive vulnerability remediation efforts, escalating where necessary
• Supporting internal projects: Support existing and upcoming internal projects, to enhance WTW’s ability to identify, prioritize and respond to vulnerabilities of varying risk within different areas of the business
• Collaboration with Business/Teams/Stakeholders: Work alongside senior members of both offensive (Red Team, Security Testing Team) and defensive teams. Help ensure that findings from vulnerability scans are communicated clearly to the business and any identified gaps are tracked and addressed
• Explore Emerging Technologies: Stay informed on the latest vulnerabilities and attack techniques in order to bolster WTW’s vulnerability remediation efforts
• Support BAU Processes: Work as an integral part of the team in order to support the WTW vulnerability management lifecycle, built into the company’s corporate controls.
• Report Findings and Metrics: Assist in ensuring vulnerability remediation reports are accurate and fit for purpose, as well as working to ensure that monthly metrics that are provided to stakeholders is accurate, effective and timely 
• Continuous Learning: Take advantage of training opportunities available within WTW, as well as self-learning to remain abreast of emerging vulnerability related threats as well as vulnerability related technical details
• Assist with Audits – Assist with both internal and external audits where required

The Requirements:

Technical Requirements:

• Familiarity with Vulnerability Scanning Tools – Overall familiarity with popular vulnerability scanning tools and how they work to identify vulnerabilities
• Understanding of Web, Network and Cloud Technologies – A good basic understanding of web and network architecture, as well as traffic at different OSI layers and cloud architecture
• Vulnerability Patching/Remediation – A good understanding of how vulnerability patches and other vulnerability remediation methods work, as well as reasons why patches may not be available, such as End of Life or unsupported products due to update mechanisms etc
• Attention to Detail – Ability to analyse large volumes of sometimes complex vulnerability data using PowerBi and Excel spreadsheets, while ensuring that data is complete and accurate
• Exposure to Offensive and Defensive Security: Some basic hands-on experience or academic exposure to both offensive and defensive security practices, with a focus on building knowledge in cyber operations.
• Collaboration Skills: Ability to work alongside more senior Cyber Security Operations team members, helping to support improvements in processes and technology controls.
• Awareness of Regulatory Requirements: A basic understanding of regulatory requirements such as DORA, related to cybersecurity, with an interest in learning how these impact technical controls and processes
• Basic Scripting Knowledge - Some basic knowledge of scripting would be desirable, such as Powershell, KQL, Python etc

Additionally, the following are desirable but not essential:

• Educational Background: A degree or coursework in Information Technology, Cybersecurity, or a related field.
• Certifications: Relevant cybersecurity certifications (such as CompTIA Security+, CEH, MS Azure, CISSP etc) are desirable.
• Interest in Leadership: A willingness to develop leadership and team collaboration skills over time.

Non-Technical Skills:

• Stakeholder Engagement: Ability to communicate effectively with both technical and non-technical team members, with a focus on learning how to build strong working relationships.
• Communication Skills: Strong verbal and written communication skills, with the ability to articulate technical issues clearly to diverse audiences.
• Team Collaboration: A proven ability to work collaboratively in a team setting, with an eagerness to contribute to a supportive and inclusive work environment.
• Problem-Solving Abilities: An interest in developing problem-solving skills, with a commitment to helping resolve issues and continuously improving the security framework.

Equal Opportunity Employer

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.