Vulnerability Management Specialist

United Kingdom

Marks & Spencer


Summary

Marks & Spencer is seeking a Vulnerability Management Specialist to join our Cybersecurity team. This role is essential for identifying, analysing, and facilitating the remediation of vulnerabilities within the wider M&S infrastructure to mitigate risks and protect the company's assets. The ideal candidate will have a strong foundation in cybersecurity practices, with a focus on vulnerability assessment and management. Working closely with IT and cybersecurity teams, you will contribute to developing and maintaining a robust vulnerability management program that supports Marks & Spencer's security posture and compliance requirements.

What’s in it for you

Being a part of M&S is exactly that – playing your part to bring the magic of M&S to our customers every day. We’re an inclusive, dynamic, exciting, and ever-evolving business built on doing the right thing and bringing exceptional quality, value and service to every customer, whenever, wherever and however they want to shop with us.

Here are some of the benefits we offer that make working for M&S just that little bit more special… 

  • 20% colleague discount across all M&S products and many of our third-party brands for you and a member of your household. 
  • Competitive holiday entitlement with the potential to buy extra holiday days! 
  • Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business. 
  • A generous Defined Contribution Pension Scheme and Life Assurance. 
  • A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills. 
  • Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing. 
  • Industry-leading parental, adoption and neonatal policies, providing support and flexibility for your family. 
  • Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family. 
  • A charity volunteer day to support a charity or cause you're passionate about through a dedicated day away from work. 

What you'll do

  • Conduct regular vulnerability scans across various systems, networks, and applications to identify security weaknesses.
  • Analyse vulnerability scan results meticulously, prioritizing vulnerabilities based on their actual risk level (and not just through CVSS or EPSS criteria), and provide actionable remediation recommendations.
  • Oversee the entire vulnerability management process, including identification, prioritization, investigation, and tracking of remediation efforts.
  • Collaborate with various internal stakeholders to ensure timely remediation of identified vulnerabilities.
  • Maintain up-to-date knowledge of emerging threats, vulnerabilities, and security practices to enhance vulnerability management processes.
  • Perform both technical and non-technical assessments to identify and address vulnerabilities, maintaining a balanced approach across various technology areas.
  • Develop and implement Standard Operating Procedures (SOPs) and Service Operating Models (SOMs) to standardize vulnerability management processes.
  • Support the development and improvement of vulnerability management policies, procedures, and standards.
  • Assist in compliance audit, incident response, compliance, SOC and risk assessment activities by providing vulnerability analysis reports, result outcomes and briefings on remediation prioritization.
  • Facilitate vulnerability risk assessments for new and existing technologies being introduced into the organization.

Who you are

  • Competence in managing and optimizing vulnerability and configuration scanning tools (e.g., Tenable, Qualys, InsightVM). 
  • Hands-on experience with vulnerability scanners (commercial and open-source solutions).
  • Proven experience of using APIs of various solutions. 
  • Proficiency in data analysis and reporting tools (Excel, Power BI) to support vulnerability management reporting. 
  • Good understanding of cloud architectures (Azure, AWS) and the security implications of cloud-based infrastructure. 
  • Knowledge / experience of vulnerability testing and validation techniques, including the use of Kali Linux and associated tools.

Everyone’s welcome

We are ambitious about the future of retail. We’re disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We’re transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen. 

We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together. 

If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.

 


Tags: APIs Audits AWS Azure Business Intelligence Cloud Compliance CVSS Incident response Kali Linux Qualys Risk assessment SOC Vulnerabilities Vulnerability management Vulnerability scans

Perks/benefits: Career development Salary bonus Team events

Region: Europe
Country: United Kingdom
