Vulnerability Management Engineer

Job Description

We have a current opportunity for a Vulnerability Engineer - Cyber on a contract basis. The position will be based in London. For further information about this position please apply.

6 Month Contract - Vulnerability Management Engineer

Vulnerability Programme, and a project is currently underway to mature the organisation's existing vulnerability management programme. The Cyber Programme is looking for a hands-on Vulnerability Management Engineer with deep expertise in security, specifically in the area of vulnerability management, someone who has proven expertise working in large programs across globally distributed teams and is well versed in vulnerability management processes and procedures.

The successful candidate should have many years of experience having worked specifically on vulnerability management and should be well versed with using security tooling for managing vulnerabilities, as well as creating standards and processes to support any on-going vulnerability management program. As the Vulnerability Management Engineer working on the vulnerability management project you will liaise and collaborate with teams within and outside GPT, including Infrastructure and Networking, Digital Workplace, DevOps and engineering colleagues, to enable prioritisation, escalation and remediation of vulnerabilities, as needed, looking to define what our critical assets are within the business to support prioritisation.

In addition to that there may be a need to interact with teams to review conceptual designs and deployment architectures for new and existing solutions, as well as configure existing tools to provide the security team with the necessary insights. You will be well embedded into the security engineering culture and will demonstrate full understanding of the landscape of tools, technologies and solutions that form the backbone of delivery of security management. You will have held similar security architect or engineering roles at large diverse global organisations and will be comfortable interacting with colleagues in different time zones, with different levels of expertise and understanding, and from different cultures. The applicant should have an understanding of Security Threat and Risk Assessment methods which assist with understanding and translating the true risk of vulnerabilities found within the organisation. You will act as a lead on the Vulnerability Management Project, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.

Responsibilities:

  • Actively participate in defining and gathering requirements for the vulnerability management programme, support with creating designs where required.

  • Develop, enhance and improve Conde Nast's existing vulnerability management program, and the deployed solution, ensuring we have total coverage across the organisation's assets, in both our digital and enterprise environments.

  • Discover, develop and regularly update our inventory of production systems and critical assets so vulnerability remediation can be prioritised, assist with tagging and classifying these accordingly.

  • Identify any existing gaps within the deployment and architecture and recommend changes or enhancements.

  • Support with coordinating technical security scanning, penetration testing, application security testing and similar monitoring and validation techniques, where required.

  • Ensure regular vulnerability scans are conducted at the network, operating system and database level on both internal and external systems within the organisation's enterprise.

  • Work with the Cloud Platform engineering teams to implement additional security controls to address vulnerabilities within their Cloud Platforms (i.e. AWS, GCP)

  • Define an approach and solution for ensuring assets which exist within our digital environments are being assessed for vulnerabilities.

  • Assist with integrating tools where needed and automate as much as possible, the management of vulnerabilities across infrastructure.

  • You will create standards and processes related to Vulnerability Management working with the Cyber Security Team.

  • Act as a lead on the Vulnerability Management Project, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.

  • Support any requests for compliance scans to analyse configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components.

Required Skills:

This is a new role and is central to the changes we are making in the way security is delivered at Conde Nast. To be successful, the candidate will need to have and demonstrate many of the following knowledge, skills and experiences, along with a proactive focused attitude:

  • Have experience working on, delivering, supporting Vulnerability Management projects:

  • Experienced in defining, creating, implementing and embedding/enforcing, VM standards/policies/procedures/guidelines, inventory tools, processes and frameworks for identification, prioritisation and end to end management of different classes of assets & systems across large estates

  • Previous experience having supported an organisation with identifying critical assets, tagging these and creating a prioritisation framework for remediation.

  • Experience of having worked with leading Vulnerability Management tools solutions such as Rapid 7, Qualys, Tenable.sc, Tenable.io

  • Knowledge of Integration of vulnerability management tools such as Rapid 7, to support tagging and automatic ITSM ticketing of incidents in systems such as ServiceNow.

  • Designing and implementing processes for end to end life cycle management and remediating vulnerabilities.

  • An understanding of security engineering, system and network security, authentication and security protocols, or application security

  • Familiarity with vulnerability management frameworks and concepts such as CVE, and CVSS

  • Working knowledge of Windows (Server and Desktop), MacOS, and Linux OS etc.

  • Scripting ability required, bash, powershell etc.

  • Good understanding of Active Directory, DNS, Group Policy, Okta (or other identity management provider)

  • Understanding of security and compliance frameworks such as NIST, ISO27001, CIS, PCI-DSS

  • Ability to explain vulnerabilities to different audiences - technical and business.

  • Good knowledge of AWS's platform and solution offerings.

  • Knowledge of monitoring and verifying the implementation of IT security baselines within the IT organisation.

  • Experience of managing vulnerabilities in cloud and containers is essential.

  • Good communication and presentation skills

  • Good written language skills

Educational Qualifications:

  • Any of the following certifications would be advantageous:

    ○ CISSP or CISSP-ISSAP

    ○ Certified Ethical Hacker

    ○ Rapid 7 InsightVM Qualifications

    ○ Rapid 7 AppSec Qualifications

    ○ SANS SEC460 or MGT516 Qualification