DescriptionThe Specialist Bank Global Vulnerability Management team is responsible for managing the security and compliance of Investec systems and applications to established standards and to highlight and track risks identified through the vulnerability management program to completion.
As a member of this team, the Vulnerability Management Analysts are responsible for scanning the technical estate for vulnerabilities against agreed security standards and work with the operational teams to provide advice and guidance to remediate any non-compliance.
The team will also work closely with the Red Team to assist with understanding vulnerability exploitation to assist with prioritising vulnerabilities and security misconfigurations.
The successful candidate must have experience of working in a fast-paced technical IT/Information Security role with knowledge of enterprise IT environments and operational activities.
Primary Responsibilities• The roles responsibility spans a range of internal and external infrastructure, applications, cloud based (SAAS, PAAS) and database environments and includes strategic and operational activities• The candidate will have a specific responsibility for all our security vulnerability and compliance activities, running daily vulnerability management operations and contributing to improving the capability and future development of the function across all platforms• The candidate will be exposed to vulnerability management of all the above areas and can expect to improve their experience across a wide range of technical vulnerability management platforms as part of the role• A strong focus at the operational level to ensure that security vulnerabilities are identified and tracked to remediation• Maintenance of security agent tools and coverage• Monitoring of security hygiene dashboards• Monitoring alerts from multiple toolsets• Automation of tasks to enable a focus on priority objectives and improvement• Focus on research and investigating, spotting potential issues and being proactive about vulnerability identification and management of our security posture Experience, skill and capability• Minimum of 5 years of experience in a cyber security related role (preferably vulnerability management)• A high level of self-motivation and self-sufficiency• The ability to plan and prioritise effectively• The ability to develop good working relationships with teams in multiple locations and operating environments• The ability to analyse and evaluate security events across a range of technologies and work with several technologies• Diligence with routine tasks• The ability to assist in providing technical solutions to multiple teams across several operating systems and applications• Experience in interacting with auditors and providing accurate reporting of findings• Ability to work independently and in a team, showing initiative and adaptabilityShared responsibilitiesIn addition to the primary focus for the role, candidates operate as part of a wider security team, and as such need to be able to support and understand a range of other activities within the scope of IT Security Operations, including: • Maintain knowledge and support of Vulnerability Management processes• Maintain knowledge and support of endpoint security controls• Remediation of identified IT risk & security issues: owners; action plans; dates• Provide out-of-hours of weekend support as required (, DR tests)• Security reviews of BAU changes• Development of Operational Security Procedures• Establish security best practice and evolve process maturity• Develop & extend IT Security OKR's• Maximise use of Security toolsets• Provide Support for Group Security initiativesCore skills and knowledge• To always act with integrity and embrace the philosophy of treating our customers fairly (compulsory)• Regulatory knowledge as applicable to role (compulsory)• Relevant information security professional qualifications, accreditations, or similar relevant experience• Experience of working within enterprise IT environments with strong governance and compliance requirements (finance, oil & gas, consulting) is preferable.• Energy, enthusiasm, drive, direction, and results-orientation.• Positive can-do attitude.• Mindset - Proactive, challenging, questioning and analytical.• Proven technical knowledge, skill, and experience across several relevant IT disciplines.• Strong attention to detail.• Ability to work in a global matrix environment with interfaces to multiple teams / reporting lines.Technologies• Working knowledge of SPLUNK (creating alerts, reports, and connecting to data sources in a variety of technologies).• , , NetSparker, WP Scan, BitSight, Qualys, Rapid 7 • Working knowledge of IT Service Management system, EG: Service Now• Working knowledge of cloud environments (Azure, AWS) Desirable• Knowledge of endpoint security technologies• Good understanding of software packaging and deployment mechanisms and processes• Scanning Platform qualification (Tenable, Qualys etc)• Azure Fundamentals certification• Understanding of Security baseline standards IE: CIS, NIST, ISO • Linux/Unix knowledge a benefit• Patching tool experience (SCCM, JAMF, Red Hat Satellite) The Investec CultureAt Investec we look for intelligent, energetic people filled with passion, integrity and curiosity.
We value individuals who in turn value our culture that is, a flexible attitude comfortable to live with ambiguity and willing to challenge the status quo.
Diversity, talent and leadership are respected in pursuit of the growth of our business.
People who can manage themselves and build strong relationships in order to get things done, will perform in out of the ordinary ways in our environment.
We are committed to diversity and inclusion when recruiting internally and externally.
