Willis Towers Watson

Principal Vulnerability Analyst - 6-month fixed-term contract

Summary of Role

6-month fixed-term contract, with possibility to extend further.

The Principal Vulnerability Analyst will be responsible for implementing the vulnerability scanning toolset strategy, reviewing the output and applying detailed analysis to reduce risk to the business and support compliance with regulatory and customer obligations. Analysis will include identifying trends and patterns, advising on remediation approaches to provide appropriate, timely remediation, promoting remediation with senior stakeholders and tracking remediation progress.

The role will work as part of a team who are focused on reducing the risk posed by vulnerabilities across the business. They will also work with people across the business who are responsible for remediating the identified vulnerabilities.
We are looking for a collaborative team player with deep technical knowledge in this area and experience of pragmatic implementation in a fast-paced environment. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.

The Role
  • Implement and configure vulnerability management toolsets
  • Liaise with senior stakeholders to close coverage and control gaps, and promote remediation
  • Review and analyse vulnerability data to identify trends and patterns, and link asset and vulnerability data
  • Design & operate processes and procedures to uphold and ensure compliance with applicable policies & standards
  • Ensure vulnerability management operations meet regulatory, customer, and audit obligations
  • Design & operate the Vulnerability Management process including applicable change control, and security exceptions
  • Produce, review and distribute consumable, relevant and actionable reporting
  • Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
  • Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that vulnerabilities are understood and appropriately addressed.
The Requirements

Demonstrable track record, with a number of years of hands-on experience in this field, of:
  • Remediation projects to close out vulnerabilities across stakeholders and suppliers
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • An understanding of organisational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Deep Technical expertise in:
  • Frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP
  • Relevant technical solutions such as vulnerability management tooling including implementation
  • Vulnerability remediation tools & techniques
  • System security (operating systems, applications), networking, and web applications
Beneficial qualifications include:
  • Relevant vendor certifications
  • (ISC)2 CISSP
Equal Opportunity Employer 
