EWT Security | Vulnerability Management Analyst - AM

The role involves supporting the end to end vulnerability management (VM) service.  The vulnerability management service helps defend KPMG and its clients by ensuring scans of KPMG information assets are performed and pro-actively managing vulnerabilities in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives.

The Vulnerability Management Analyst will:

• Work collaboratively with internal stakeholders to perform risk based technical assessments on technical vulnerabilities;
• Provide vulnerability remediation prioritisation recommendations to internal stakeholders;
• Maintain good relationships with internal stakeholders and ensure customer satisfaction, by delivering quality service and escalation issues as necessary;
• Influence colleagues to drive vulnerability remediation in a collaborative manner to help achieve operational and strategic targets;
• Perform review of any exception requests related to technical vulnerabilities, providing recommendations and documenting findings and actions;
• Identify and drive vulnerability management service improvements, especially through the use of automation.
• Collate and analyse data from internal stakeholders on technical vulnerabilities to support any information requests from leadership and or KPMG clients;
• Support configuration and reporting requests within vulnerability management technology;
• Work with vulnerability management technology vendors to support any vulnerability management activities;
• Attend and support internal and external audits from a vulnerability management service perspective;
• Support investigations and resolutions of security problems to find a root cause and find a balanced outcome;
• Provide analysis on trends and proactively highlight issues and areas of concern;
• Maintain and update service documentation, such as process guides;
• Assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs).
• Provide advice to VM service owner on ways to improve control mechanisms, identify, evaluate, and mitigate risks,
• Input to development of vulnerability management standards and security policies;
• Work towards and achieve or extend professional certifications as part of personal development.

You must have:

• Minimum 1-2 years relevant experience in a similar vulnerability management analyst role;
• Understanding of the tooling associated with vulnerability management.
• Experience and knowledge in vulnerability management of applications and infrastructure within the Cloud, such as AWS and Azure;
• Experience and knowledge in vulnerability management of container or serverless platforms;
• Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services; 

It would be advantageous if you can demonstrate some, or all of:

• Experience and knowledge of Google Cloud Platform;
• Experience and knowledge of web application vulnerability scanning
• Experience of Industry standard Vulnerability Management tooling such as such as Qualys, Tenable, Microsoft Defender ATP and ServiceNow; Experience of other industry leading Risk based vulnerability management tooling, such as Kenna Security or other security related vulnerability management platforms.
• Any security or vulnerability management product certification.