欲随时了解新空缺职位
    加入我们的人才交流群

    Vulnerability Management Analyst

    London, England, United Kingdom

    Vulnerability Management Analyst

    • 202407272
    • London, England, United Kingdom
    • Closing on: Dec 31 2024

    Description

    As a Vulnerability Management Analyst at WTW, you will work as part of the Vulnerability Management team, supporting WTW's Vulnerability Management lifecycle to ensure that vulnerability related risks are managed effectively and in a timely manner. Reporting directly to the Head of Vulnerability Management, you will collaborate closely with both the Cyber Offensive and Defensive teams to ensure the identified gaps in cyber security maturity are addressed. Your work will involve close coordination with other areas of Offensive and Defensive security, acting as a Vulnerability Management SME supporting these teams as well as engaging with the wider business. 

    As well as supporting regular BAU activities, such as ensuring the smooth operation of scanning, reporting, prioritization, remediation tracking as well as communicating with the business, the VM Analyst will have opportunities to work on various projects to constantly improve the VM function, as well as building expertise in different areas to support the team. Regular training, staying on top of industry trends and understanding their implications will be critical in keeping WTW resilient against evolving threats. 

    The Role:

    Responsible for supporting the Vulnerability Management and ICS teams to help reduce vulnerability related risk within WTW.

    • Expertise in Scanning/CMDB Tools: Develop/enhance expertise in WTW scanning tools (and supporting tools) and support scanning, reporting and data verification activities, to ensure high quality and accurate data for the business and stakeholders
    • Tracking Vulnerability Remediation: Attending or leading remediation calls with different areas of the business in order to track and drive vulnerability remediation efforts, escalating where necessary
    • Supporting internal projects: Support existing and upcoming internal projects, to enhance WTW’s ability to identify, prioritize and respond to vulnerabilities of varying risk within different areas of the business
    • Collaboration with Business/Teams/Stakeholders: Work alongside senior members of both offensive (Red Team, Security Testing Team) and defensive teams. Help ensure that findings from vulnerability scans are communicated clearly to the business and any identified gaps are tracked and addressed
    • Explore Emerging Technologies: Stay informed on the latest vulnerabilities and attack techniques in order to bolster WTW’s vulnerability remediation efforts
    • Support BAU Processes: Work as an integral part of the team in order to support the WTW vulnerability management lifecycle, built into the company’s corporate controls.
    • Report Findings and Metrics: Assist in ensuring vulnerability remediation reports are accurate and fit for purpose, as well as working to ensure that monthly metrics that are provided to stakeholders is accurate, effective and timely 
    • Continuous Learning: Take advantage of training opportunities available within WTW, as well as self-learning to remain abreast of emerging vulnerability related threats as well as vulnerability related technical details
    • Assist with Audits – Assist with both internal and external audits where required

    Qualifications

    The Requirements:

    Technical Requirements:

    • Familiarity with Vulnerability Scanning Tools – Overall familiarity with popular vulnerability scanning tools and how they work to identify vulnerabilities
    • Understanding of Web, Network and Cloud Technologies – A good basic understanding of web and network architecture, as well as traffic at different OSI layers and cloud architecture
    • Vulnerability Patching/Remediation – A good understanding of how vulnerability patches and other vulnerability remediation methods work, as well as reasons why patches may not be available, such as End of Life or unsupported products due to update mechanisms etc
    • Attention to Detail – Ability to analyse large volumes of sometimes complex vulnerability data using PowerBi and Excel spreadsheets, while ensuring that data is complete and accurate
    • Exposure to Offensive and Defensive Security: Some basic hands-on experience or academic exposure to both offensive and defensive security practices, with a focus on building knowledge in cyber operations.
    • Collaboration Skills: Ability to work alongside more senior Cyber Security Operations team members, helping to support improvements in processes and technology controls.
    • Awareness of Regulatory Requirements: A basic understanding of regulatory requirements such as DORA, related to cybersecurity, with an interest in learning how these impact technical controls and processes
    • Basic Scripting Knowledge - Some basic knowledge of scripting would be desirable, such as Powershell, KQL, Python etc

    Additionally, the following are desirable but not essential:

    • Educational Background: A degree or coursework in Information Technology, Cybersecurity, or a related field.
    • Certifications: Relevant cybersecurity certifications (such as CompTIA Security+, CEH, MS Azure, CISSP etc) are desirable.
    • Interest in Leadership: A willingness to develop leadership and team collaboration skills over time.

    Non-Technical Skills:

    • Stakeholder Engagement: Ability to communicate effectively with both technical and non-technical team members, with a focus on learning how to build strong working relationships.
    • Communication Skills: Strong verbal and written communication skills, with the ability to articulate technical issues clearly to diverse audiences.
    • Team Collaboration: A proven ability to work collaboratively in a team setting, with an eagerness to contribute to a supportive and inclusive work environment.
    • Problem-Solving Abilities: An interest in developing problem-solving skills, with a commitment to helping resolve issues and continuously improving the security framework.

    Equal Opportunity Employer

    At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

    At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.

    Apply Now

    不是你?

    谢谢

    自主投递说明

    自主投至韦莱韬悦公司网站或员工企业邮箱的个人简历或申请人档案将视为归韦莱韬悦所有,我们无需为此向代理招聘机构支付费用。韦莱韬悦授权的代理招聘机构或猎头公司须持经由韦莱韬悦授权招聘官签署的有效正式书面合同,且须仍与韦莱韬悦保持合作关系。简历须按照我们的申请人提交流程进行提交,包括针对特殊招聘提交的简历。代理招聘机构或公司如不按申请流程提交简历,韦莱韬悦将不会为此支付招聘费用。韦莱韬悦提倡公平招聘。如您希望我们保存您的联系信息,以备日后有合适机会时与您联系,请发送邮件至:Agency.inquiries@willistowerswatson.com

    我们的机构

    我们的同事遍及全球140多个国家及市场。我们的业务已基本全面实现国际化,为协作与发展创造了绝佳机遇。查看以下地图,了解韦莱韬悦可以在哪里为您提供机遇。

    认识我们的员工