Threat and Vulnerability Manager

London, United Kingdom

ASOS

Discover the latest fashion trends with ASOS. Shop the new collection of clothing, footwear, accessories, beauty products and more. Order today from ASOS.

Company Description

We’re ASOS, the online retailer for fashion lovers all around the world. 

We exist to give our customers the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you’re free to be your true self without judgement, and channel your creativity into a platform used by millions. 

But how are we showing up? We’re proud members of Inclusive Companies, are Disability Confident Committed, have signed the Business in the Community Race at Work Charter, and placed 8th in the Inclusive Top 50 Companies Employer list.

Everyone needs some help showing up as their best self. Let our Talent team know if you need any adjustments throughout the process in whatever way works best for you.

Job Description

As an experienced Threat & Vulnerability Manager, you will lead the team responsible for posture management, controls monitoring/response, vulnerability management, penetration testing, threat intelligence, application security and reporting. You will be primarily responsible for the initial setup of the team and its processes, and intimately involved in the projects it has to deliver.

You will co-ordinate and track remediation of all Penetration Testing within the business and provide accurate, timely operational reporting to the Security and Technical Leadership Teams.

We’re quite passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop in an ever-growing and changing security landscape.

This role is based from our London HQ 2 days per week. 

Responsibilities:

  • Lead the Threat Management team in the delivery of all services detailed above, providing guidance, support, and mentorship to foster professional growth and maximise individual and team performance.
  • Develop and enhance ASOS Threat Intelligence capabilities, including Brand Protection
  • Manage and analyse the output from Vulnerability Management solutions, to triage security threats and vulnerabilities and prioritise remediation activities across the business.
  • Horizon scan by monitoring security blogs, threat feeds and vendor updates for emerging threats and vulnerabilities that could affect the business.
  • Manage and maintain the assurance and security advisory services within the team, proactively reaching out to areas of the business that require it.
  • Work closely with technical delivery, DevOps and Platform teams to triage and remediate security threats and vulnerabilities, and promote SDLC policy and processes
  • Develop prioritised remediation plans in conjunction with technical delivery teams and track actions.
  • Collaborate with our MSSP partner and the incident response team in investigating and responding to security incidents, providing expertise and support in the utilisation of security technologies to identify, contain, and remediate threats.

Qualifications

About you: 

  • Proven experience in Attack Surface and Continuous Vulnerability Management, with a focus on Threat Intelligence, Penetration Testing and Security Assurance
  • Strong technical background and understanding of software development (SDLC) and infrastructure
  • Strong understanding of information security concepts, technologies, and best practices
  • Proficient in using vulnerability scanning tools such as Nessus, Qualys, Rapid7, Wiz, OpenVAS, and penetration testing frameworks like Metasploit.
  • Knowledge of security and risk frameworks, plus regulatory compliance frameworks (e.g., PCI DSS, HIPAA, ISO 27001)
  • Working knowledge of OWASP, MITRE, CVSS and other standards/frameworks relevant to application security and vulnerability management
  • Professional certifications such as CISSP, CISM, CISA, or other relevant certifications
  • Experience in managing risks and issues and implementing mitigation strategies
  • Ability to manipulate data, extract insight and provide reporting to key stakeholders for actionable tasks

Additional Information

BeneFITS’ 

  • Employee discount (hello ASOS discount!) 
  • ASOS Develops (personal development opportunities across the business) 
  • Employee sample sales  
  • Access to a huge range of LinkedIn learning materials 
  • 25 days paid annual leave + an extra celebration day for a special moment 
  • Discretionary bonus scheme  
  • Private medical care scheme 
  • Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits 

Tags: Application security CISA CISM CISSP Compliance CVSS DevOps HIPAA Incident response ISO 27001 Metasploit Monitoring Nessus OpenVAS OWASP PCI DSS Pentesting Qualys SDLC Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Flex hours Medical leave Salary bonus

Region: Europe
Country: United Kingdom