Cyber Security Vulnerability Analyst

at  Ashurst LLP

ABOUT ASHURST

Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit .
Department/Role overview
The Cyber Security Vulnerability Analyst will collaborate with the Global Cyber Security Operations team to coordinate and fulfill requirements related to vulnerability management. This involves monitoring, reporting, and providing guidance to support various teams in meeting global vulnerability management and mandatory security requirements. The position will be located in Glasgow but will have a global reach as needed. This role reports to Cyber Security Operations Team Leader.

Main responsibilities

• Point of Contact:
• Act as the primary liaison for threat and vulnerability management activities in the UK, with extended support to Australia when necessary.
• Coordinate communication and responses with global IT and security teams.
• Ensure compliance with global security policies and standards.
• Operate Vulnerability Management Platform:
• Manage, maintain and operate the organisation’s vulnerability management tool.
• Conduct regular scans to identify vulnerabilities across IT assets.
• Ensure the platform is up-to-date with the latest vulnerability definitions and patches.
• Provide Technical and/or Non-Technical Advice:
• Assist various teams in understanding and mitigating identified vulnerabilities.
• Translate technical vulnerability details into business impact statements for non-technical stakeholders.
• Support security assessments, audits, and compliance reviews by providing vulnerability data.
• Responsible for New, Current and Emerging Vulnerabilities:
• Prepare and deliver regular reports and presentations on the vulnerability landscape.
• Inform stakeholders about critical vulnerabilities, potential impacts, and recommended actions.
• Stay updated on the latest threat intelligence and trends to provide relevant insights.
• Target Deliverables:
• Track and report on key performance indicators (KPIs), key risk indicators (KRIs), and service level agreements (SLAs) related to internal policy and mandatory security requirements.
• Analyse metrics to assess the effectiveness of the vulnerability management program and implement improvement where required.
• Regular Patch Meetings:
• Schedule and facilitate regular patch triage meetings to prioritise and address vulnerability patches.
• Collaborate with IT and business units to ensure timely patching and remediation efforts.
• Maintain a log of patching activities and outcomes.
• Drive Remediation Culture:
• Advocate for a proactive approach to vulnerability remediation across the organisation.
• Develop and promote best practices for vulnerability management and remediation.
• Conduct training and awareness sessions to enhance the security posture.
• Stakeholder Relationship:
• Build and maintain effective working relationships with key stakeholders, including wider IT, security and business units.
• Foster a collaborative environment to address security challenges.
• Act as a trusted advisor on vulnerability management issues.
• Error Reduction:
• Implement quality control measures to ensure accurate and reliable vulnerability scanning results.
• Review and refine scanning methodologies to minimise false positives and negatives.
• Enhance reporting processes to provide clear and actionable information.
• Quantifying Asset Risk:
• Assess and quantify the risk associated with identified vulnerabilities.
• Prioritise remediation efforts based on risk levels and potential impact.
• Use risk assessment frameworks to guide decision-making processes.
• BAU Checks and Deliverables for Vulnerability Management:
• Perform business-as-usual (BAU) activities related to vulnerability management.
• Ensure routine checks and maintenance tasks are completed as scheduled.
• Deliver regular updates and reports to management on the status of vulnerability management activities.
• Wider BAU and Project Engagement :
• The role extends beyond vulnerability management. You will also be expected to participate in broader business-as-usual (BAU) tasks as needed, fostering a culture of cross-skilling and adaptability. Additionally, there may be instances where your involvement as a project resource is necessary
• Process & Risk Management :
• A dhere to security, change and operational processes. Identifying potential risks and dependencies, and taking proactive measures to mitigate them.
• Service Delivery:
• Deliver high-quality services and meets stakeholder expectations consistently .
• Change Management:
• Ensuring changes to systems are implemented smoothly and do not negatively impact security, services or users.
• Continuous Improvement:
• Promoting a culture of continuous improvement, identifying opportunities to streamline workflows and enhance service delivery.
• Agile delivery and Prioritisation:
• Good understanding of Agile delivery and capable of effectively prioritising and managing tasks.
• Team Communication :
• Facilitating open communication within and across the wider business teams to foster collaboration and resolve issues efficiently.

Essential skills and experience

We are looking for a highly motivated individual with the following skills and experience:

• Relevant Cyber Security and/or IT experience.
• Experience in metric reporting and KPI/SLA management.
• Managing escalations to a satisfactory outcome.
• Experience delivering BAU initiatives and small internal projects using agile methodologies.
• Experience in understanding risk and risk appetite with security and vulnerability.
• Excellent communication skills, both verbal and written, along with a track record of establishing and maintaining effective relationships and collaborating with stakeholders.
• Strong organisational skills and comfortable working in a fast-paced environment.
• Demonstrated ability to take initiative and problem-solve.
• Remains calm under pressure, has the confidence to escalate issues or flag risks that may surface.
• Experience in working in a global environment and across multiple time-zones.
• Experience working with Jira, Azure DevOps, ITSM tools such as Cherwell and ServiceNow and the MS Office suite.

Desired skills and experience

• Experience and/or Cyber Security qualifications such as Comptia Sec+ and working with relevant vulnerability management e.g Rapid 7, Qualys, Nessus extending to SIEM, Endpoint D&R, Managed Services, DLP etc.

Background checks
In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.

• Point of Contact:
• Act as the primary liaison for threat and vulnerability management activities in the UK, with extended support to Australia when necessary.
• Coordinate communication and responses with global IT and security teams.
• Ensure compliance with global security policies and standards.
• Operate Vulnerability Management Platform:
• Manage, maintain and operate the organisation’s vulnerability management tool.
• Conduct regular scans to identify vulnerabilities across IT assets.
• Ensure the platform is up-to-date with the latest vulnerability definitions and patches.
• Provide Technical and/or Non-Technical Advice:
• Assist various teams in understanding and mitigating identified vulnerabilities.
• Translate technical vulnerability details into business impact statements for non-technical stakeholders.
• Support security assessments, audits, and compliance reviews by providing vulnerability data.
• Responsible for New, Current and Emerging Vulnerabilities:
• Prepare and deliver regular reports and presentations on the vulnerability landscape.
• Inform stakeholders about critical vulnerabilities, potential impacts, and recommended actions.
• Stay updated on the latest threat intelligence and trends to provide relevant insights.
• Target Deliverables:
• Track and report on key performance indicators (KPIs), key risk indicators (KRIs), and service level agreements (SLAs) related to internal policy and mandatory security requirements.
• Analyse metrics to assess the effectiveness of the vulnerability management program and implement improvement where required.
• Regular Patch Meetings:
• Schedule and facilitate regular patch triage meetings to prioritise and address vulnerability patches.
• Collaborate with IT and business units to ensure timely patching and remediation efforts.
• Maintain a log of patching activities and outcomes.
• Drive Remediation Culture:
• Advocate for a proactive approach to vulnerability remediation across the organisation.
• Develop and promote best practices for vulnerability management and remediation.
• Conduct training and awareness sessions to enhance the security posture.
• Stakeholder Relationship:
• Build and maintain effective working relationships with key stakeholders, including wider IT, security and business units.
• Foster a collaborative environment to address security challenges.
• Act as a trusted advisor on vulnerability management issues.
• Error Reduction:
• Implement quality control measures to ensure accurate and reliable vulnerability scanning results.
• Review and refine scanning methodologies to minimise false positives and negatives.
• Enhance reporting processes to provide clear and actionable information.
• Quantifying Asset Risk:
• Assess and quantify the risk associated with identified vulnerabilities.
• Prioritise remediation efforts based on risk levels and potential impact.
• Use risk assessment frameworks to guide decision-making processes.
• BAU Checks and Deliverables for Vulnerability Management:
• Perform business-as-usual (BAU) activities related to vulnerability management.
• Ensure routine checks and maintenance tasks are completed as scheduled.
• Deliver regular updates and reports to management on the status of vulnerability management activities.
• Wider BAU and Project Engagement :
• The role extends beyond vulnerability management. You will also be expected to participate in broader business-as-usual (BAU) tasks as needed, fostering a culture of cross-skilling and adaptability. Additionally, there may be instances where your involvement as a project resource is necessary
• Process & Risk Management :
• A dhere to security, change and operational processes. Identifying potential risks and dependencies, and taking proactive measures to mitigate them.
• Service Delivery:
• Deliver high-quality services and meets stakeholder expectations consistently .
• Change Management:
• Ensuring changes to systems are implemented smoothly and do not negatively impact security, services or users.
• Continuous Improvement:
• Promoting a culture of continuous improvement, identifying opportunities to streamline workflows and enhance service delivery.
• Agile delivery and Prioritisation:
• Good understanding of Agile delivery and capable of effectively prioritising and managing tasks.
• Team Communication :
• Facilitating open communication within and across the wider business teams to foster collaboration and resolve issues efficiently