Vulnerability Remediation Lead

at  Vodafone

WHO YOU ARE

• Must be eligible for SC Clearance

• Deep understanding of Vulnerability Management, Patch Management and Hardening principles.

• Use and management of vulnerability scanning toolsets e.g. Qualys, Tenable, Rapid7.
• Use and management of patching toolsets e.g. IBM BigFix, BMC TrueSight, Microsoft SCCM, with the ability to troubleshoot and resolve issues within these tools.
• Proficiency in understanding complex vulnerabilities and security issues and the ability to troubleshoot any technical issues which may impact the ability to resolve these both independently and provide guidance to others on how to do so.
• Experience in networking concepts (TCP/IP, Routing, Firewalls)
• Experience in IT concepts, including serverless and containerisation, with a detailed understanding of server operating systems (Windows and Linux).
• Experience of managing complex infrastructure environments in line with industry best practice.
• Experience in working on and managing a VMWare vSphere environment.
• The ability to develop scripts to automate reporting processes (particularly Python experience).
• Experience of devising, visualising and presenting Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
• Understanding of the regulatory and compliance environment, including PCI-DSS, the UK Telecom Security Act and ISO27001.
• Strong written and oral communication skills, the ability to influence stakeholders and explain complex security requirements in simple terms.
• The ability to build great working relationships and are culturally sensitive and socially flexible in a global corporate environment.
• Security related industry accreditations such as CISSP, CISM, CREST, GIAC (desirable but not essential)

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to apply as you may be the right candidate for this role or another role, and our recruitment team can help you see how your skills fit in.

As a Vulnerability Remediation Lead, your role will be to drive risk reduction across the Vodafone UK estate acting as a Subject Matter Expert on topics such as vulnerability mitigation, system hardening and applicable regulatory standards. You will work within the UK Cyber Security Team to ensure that service owners are patching systems within the defined SLA. Where this is not possible, you will work with a mixture of management and technical stakeholders to define solutions, apply applicable mitigating controls, and reduce the level of risk. You will also use various sources of information – both internal and external, to demonstrate and report on Vodafone’s security posture to senior stakeholders and influence key strategic decisions on security topic.

This role provides an excellent opportunity to work on a variety of technologies in a fast-developing industry, improving on innovative Vulnerability Management and Patching solutions. You will feel part of a close-knit team and will work with autonomy whilst interacting with innovative teams across Vodafone.

• Support the Vulnerability Manager and be able to deputise on their behalf.
• Apply subject matter expertise to secure our IT, Networks and Cloud estates through remediation best practices. You will work with risk functions to highlight risk and appropriate actions for resolution and where appropriate you will present on these topics to drive the right level of attention and awareness.
• Support the patching platform day-to-day and help both define the strategy around it and raise awareness of it. You will investigate and resolve issues encountered by users, ensuring they can patch their systems in a timely and effective manner. You will also develop the platform to wider uses supporting vulnerability remediation efforts and increase it’s return on investment.
• Support with the review of and providing technical guidance around regulatory requirements relating to Vulnerability Management and Patch Management, as well as the operation of our toolsets in line with these requirements.
• Develop and improve automated vulnerability management reports and dashboards, giving stakeholders access to more bespoke, relevant and frequent data which better supports their remediation efforts.
• Provide in-depth, technical analysis of security issues and provide detailed suggestions for improvements and appropriate mitigating controls to be implemented.
• Continuously mature best practices around vulnerability remediation and promote these within Cyber Security and beyond.
• Develop and maintain relationships with a variety of stakeholders at various levels.
• Provide advice and guidance to Vulnerability Remediation Specialists.
• Communicate fluently orally and in writing, and present complex technical information to both technical and non-technical audiences.
• Encourage Secure by Design principles.