Senior Vulnerability Management Specialist

At Deliveroo, it is our mission to build the definitive food company. In order to do that, we’re building a company that is secure and protects the data and money of our customers, employees and investors.   

We are looking for an experienced and outcome-driven Senior Vulnerability Management Specialist with excellent stakeholder management skills to join our fast-growing Security function. In this role you’ll be primarily responsible for designing, embedding and operating Deliveroo’s policy for managing security vulnerabilities. You will chair the vulnerability management working group and will work directly with external partners and technology leaders across the business to create pragmatic solutions proportional to identified security risks.

This role presents a great opportunity to have an outside impact on the trajectory of a business that is growing at a breakneck pace. You’ll directly impact how Deliveroo identifies and remediates vulnerabilities across its systems. As we continue to increase our security maturity, your role in driving sound vulnerability management across the company will play a major part in our story.

What you’ll be doing. You will:

• Design, embed and manage a scalable vulnerability management policy, setting out clear prioritisation thresholds and taking into account business context and relevant industry standards, regulatory requirements and stakeholder expectations
• Chair the vulnerability management working group
• Produce and deliver vulnerability management reporting to relevant committees and stakeholders
• Enable system owners to manage their vulnerabilities within defined thresholds by providing them with clear visibility of relevant vulnerabilities and remediation expectations
• Advise stakeholders across the company on the security risks, prioritisation and mitigation of identified vulnerabilities
• Closely collaborate with other teams in the security function to roll out a consistent approach to vulnerability management 
• Work with external partners to deliver penetration tests and red teaming exercises

Requirements. You are or have:

• Significant experience in vulnerability management in a fast paced business, preferably a technology company
• Bachelor's degree in Computer Science or equivalent practical experience.
• Previously defined policy and deployed tools for managing vulnerabilities in a cloud native environment
• Experience in assessing technical security vulnerabilities and having difficult conversations with internal and external stakeholders
• Experience in working with external partners to deliver penetration testing and red team exercises
• Comfortable interacting with different stakeholders across the business in both technical and non-technical roles
• Sound technical understanding of modern cloud technologies (eg AWS, Docker, Kubernetes) and CI/CD workflows 
• Familiar with security standards such as PCI-DSS and NIST

Preferred, but not required:

• Relevant industry certifications such as CISSP, CISM, CRISC, OSCP
• Cyber kill chain, MITRE attack framework 

Why Deliveroo?

Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.

We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.

Workplace & Diversity

At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth and relocation.

We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.