Senior Vulnerability Management Specialist
London
Applications have closed
Deliveroo
We deliver your takeouts or essential groceries from the best-rated local partners straight to your door. Download our app or order online. Food. We Get It.
At Deliveroo, it is our mission to build the definitive food company. In order to do that, we’re building a company that is secure and protects the data and money of our customers, employees and investors.
We are looking for an experienced and outcome-driven Senior Vulnerability Management Specialist with excellent stakeholder management skills to join our fast-growing Security function. In this role you’ll be primarily responsible for designing, embedding and operating Deliveroo’s policy for managing security vulnerabilities. You will chair the vulnerability management working group and will work directly with external partners and technology leaders across the business to create pragmatic solutions proportional to identified security risks.
This role presents a great opportunity to have an outside impact on the trajectory of a business that is growing at a breakneck pace. You’ll directly impact how Deliveroo identifies and remediates vulnerabilities across its systems. As we continue to increase our security maturity, your role in driving sound vulnerability management across the company will play a major part in our story.
What you’ll be doing. You will:
- Design, embed and manage a scalable vulnerability management policy, setting out clear prioritisation thresholds and taking into account business context and relevant industry standards, regulatory requirements and stakeholder expectations
- Chair the vulnerability management working group
- Produce and deliver vulnerability management reporting to relevant committees and stakeholders
- Enable system owners to manage their vulnerabilities within defined thresholds by providing them with clear visibility of relevant vulnerabilities and remediation expectations
- Advise stakeholders across the company on the security risks, prioritisation and mitigation of identified vulnerabilities
- Closely collaborate with other teams in the security function to roll out a consistent approach to vulnerability management
- Work with external partners to deliver penetration tests and red teaming exercises
Requirements. You are or have:
- Significant experience in vulnerability management in a fast paced business, preferably a technology company
- Bachelor's degree in Computer Science or equivalent practical experience.
- Previously defined policy and deployed tools for managing vulnerabilities in a cloud native environment
- Experience in assessing technical security vulnerabilities and having difficult conversations with internal and external stakeholders
- Experience in working with external partners to deliver penetration testing and red team exercises
- Comfortable interacting with different stakeholders across the business in both technical and non-technical roles
- Sound technical understanding of modern cloud technologies (eg AWS, Docker, Kubernetes) and CI/CD workflows
- Familiar with security standards such as PCI-DSS and NIST
Preferred, but not required:
- Relevant industry certifications such as CISSP, CISM, CRISC, OSCP
- Cyber kill chain, MITRE attack framework
Why Deliveroo?
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth and relocation.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.
Tags: AWS CI/CD CISM CISSP Cloud Computer Science CRISC Cyber Kill Chain Docker Finance Kubernetes NIST OSCP Pentesting Red team Vulnerabilities Vulnerability management
Perks/benefits: Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs