Save time and effort sourcing top tech talent
hackajob is partnering with NEXT Ltd to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Working in the Information Security team you will focus on Vulnerability and Threat Management across the Next technology estate, with a particular focus on our Warehouse environment and the technology utilised within it to help maintain an awareness of new and emerging security threats and trends.
You will be responsible for identifying, assessing, validating and communicating new vulnerabilities across the other technical teams, ensuring the vulnerability management process is followed. Where required you will work with other IT teams to provide guidance and recommend mitigation strategies for vulnerabilities.
As a Senior Vulnerability Management Engineer a knowledge of the MITRE Attack Framework would be advantageous. You will help manage and configure our vulnerability scanning and reporting tools as well as helping administer Next’s Bug Bounty programme.
Where required you will create reporting to summarise findings and recommendations for a variety of audiences. The role also requires you to take a lead in reviewing incoming threat intelligence in order to assess its relevance and severity in context to our business, where appropriate you will provide reports on threats of interest to senior stakeholders and work with the relevant teams to proactively assess, test and mitigate any risk.
You will also be expected to maintain an awareness of the changing threat landscape and industry standards. Proactively work with Incident Response and Engineering to identify tactics and techniques used by threats actors and opportunities to improve the security of our environment. Propose and support implementing suitable countermeasures for threats identified through intelligence, testing and objective validation.
As a Senior Vulnerability Management Engineer you will also help mentor more inexperienced members of the team. You will also take a lead role in coordinating and overseeing efforts to mitigate significant threats or vulnerabilities identified by the team.
The role involves participating in a shift rota.
A monthly visit to the Enderby Head Office in Leicester is required, with additional visits scheduled as needed by the business or management.
Key Responsibilities
● Manage and maintain Vulnerability scanning and risk reporting tools.
● Take a lead role in planning in the estimation, scoping and delivery of key projects, ensuring progress is clearly communicated.
● Complete relevant security assessments, including debriefing key stakeholders on any
apparent risks
● Identify, execute and support requirements as part of RvB exercises.
● Ensure all relevant vulnerabilities are correctly triaged, risk assessed, logged and assigned to remediation teams.
● Support remediation teams with remediation strategies.
● Assist Incident Response team with the investigation and resolution of Security Incidents
when required.
● Create and maintain operation procedures, configuration and technical documentation to a
high standard.
● Manage and maintain metrics and reporting to demonstrate the effectiveness of our
vulnerability management programme.
● Subject matter expert for the Vulnerability Management team and helps coordinate efforts
when managing emergency remediation/mitigation.
● Maintain an awareness of new and emerging security threats and trends.
● Test or validate threat intelligence findings against our people, processes and technologies.
● Review threat intelligence and advise on recommended mitigation strategies where
appropriate.
● Act as a mentor for more inexperienced members of the Vulnerability Management team.
About you
● Experience managing and maintaining a Vulnerability Management tool.
● In depth understanding of Information Security including malware, emerging threats, attacks and vulnerability management.
● Proven Information Technology experience with an excellent understanding of
network protocols and server infrastructure including network segmentation.
● Windows Server and/or Linux experience.
● Ability to take a lead role in coordinating the timely diagnosis and resolution of major issues.
● Adheres to and promotes high standards.
● Understand and operate change management
● A team player who is hardworking and self-motivated.
● Possess an inquisitive and proactive approach to identifying security gaps.
● Ability to effectively plan and prioritise workloads, and to measure and report on current
progress.
● Ability to remain calm under pressure and clearly communicate to all levels of management.
● Excellent attention to detail.
● Adheres to and promotes high standards.
● Understanding of vulnerability and threat assessment frameworks, such as: CVSS, CVE, CWE,OWASP, MITRE.
● Operational Technology (OT) management experience in vulnerability scanning.
● Competent at keeping up to date on CTI (Cyber Threat Intelligence)
Desirable
● Experience with security or compliance standards such as PCI-DSS or ISO27001.
● Understanding and experience of working for a Retail company.
● Foundational understanding of Cloud based infrastructure
● Relevant industry recognised security qualification
● Understanding of DevOps architecture and code scanning.
● Offensive Security experience
● Experience of SCADA (Supervisory Control and Data Acquisition) systems monitor, Programmable logic controller PLC and control warehouse equipment
● Experience of managing a TIP (Threat Intelligence Platforms)
● Experience of Custom AI usage
hackajob is partnering with NEXT Ltd to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.