Reporting to the Global Security Operations Manager with responsibility for driving a successful enterprise vulnerability management programme.
- Challenging vendors on poor performance and continual service improvements
- In conjunction with our security architects, has product ownership for Costa’s vulnerability management tooling
- Responsible for assurance of all BAU vulnerability management processes managed by Costa Security Operations or by our nominated MSSPs
- Management of Costa’s global vulnerability posture, from identification through to remediation.
- Improving Costa’s global security posture through driving successful remediation efforts with internal and external teams responsible for infrastructure and applications.
- As a subject matter expert, proactively identify and drive technical, process or organisational improvements to Costa’s global vulnerability management capability
- Producing monthly metrics and KPIs evidencing analysis of vulnerability risk and remediation progress
- Provide leadership and direction to the global Costa community on all aspects of vulnerability management across user endpoints, servers, networks and applications
- Chairing Global Patching and Vulnerability Management forums
- Scopes, prioritises and leads service improvement initiatives for vulnerability management platforms and management processes
- Experience of working with and building effective cross-functional relationships with diverse teams
- Strong knowledge of networking fundamentals and policy driven controls
- Good systems administration knowledge of Windows, Linux and networking platforms
- Extensive experience supporting or leading enterprise vulnerability management programmes
- Extensive experience of using the Qualys toolset at an enterprise level
- Working knowledge of Open-Source Intelligence capabilities
- Working knowledge of public/private cloud technologies and providers
- Relevant experience of working in a complex, geographically distributed environment
- Working knowledge of compliance requirements for GDPR, PCI DSS and the UK Data Protection Act
- Good understanding of Web Application Security frameworks, common vulnerabilities and associated remediations.
- Extensive experience of patch management processes
- Depth of knowledge in recognised international security standards
- Professional certification such as CISSP, CCSP or other information security credentials
- Ability to use scripting languages (Perl, Python, PowerShell etc)
Vacancy Type: Full Time
Job Location: Dunstable, England, UK
Application Deadline: N/A