Vulnerability Analyst

What you’ll be responsible for

As a Vulnerability Analyst, you will play a critical role in the Security Operations Team to maintain our security posture and reduce the attack surface of IT and OT systems. You will be responsible for: identifying, prioritising, and reporting on vulnerabilities as well as supporting the remediation of vulnerabilities across our environment. 

The Vulnerability Analyst will act on initiative to seek out vulnerabilities, keep track of current events and changes in the technology landscape, and work closely with Infrastructure and Application teams to respond appropriately to risks. This is expected to be a proactive, interactive and hands on role; requiring an individual with a balance of technical and stakeholder management skills. 

Responsibilities 

• Ensure all assets undergo regular vulnerability scans and continuously work to ensure full coverage across OT and IT.
• Work with IT and OT asset owners to configure and run vulnerability and compliance scans in a controlled, planned manner. 
• Work with remediation teams and relevant stakeholders to define effective remediation plans.
• Ensure that critical exposures are discovered and remediated swiftly proactively monitoring for new and changing vulnerability risks.
• Monitor current cyber threat intelligence and understand how it relates to vulnerability risk within the business.
• Define appropriate reporting and dashboarding to capture vulnerability exposure and successful remediations.
• Deliver vulnerability briefings to technical and non-technical stakeholders.
• Maintain vulnerability scanning platforms and tooling in collaboration with Security Engineering.
• Deliver strategic improvements to the vulnerability management process.
  
  

About you

• Familiarity with key concepts of cyber security and vulnerability management, such as CVSS, CVE, OWASP Top 10 and Mitre ATT&CK
• Strategic thinker, data-driven and analytical in approach to problem solving.         
• Strong team player and ability to take responsibility and act autonomously.         
• Ability to plan, organise and prioritise tasks.         
• Ability to interact proactively, professionally and confidently with colleagues across the business.
• General understanding of how technology is maintained, particularly with regard to patching.
• Understanding of the various types of security vulnerabilities that may affect a corporate environment
   

Good to know

Training to use relevant technologies and vulnerability management tools will be provided by the team.

This is a hybrid role, the successful candidate will be required in the office 2 days a week.

Benefits

As well as a market competitive salary, 33 days annual leave (pro rata, including public holidays), we offer a range of employee benefits and rewards including:

 
•             Option to buy additional annual leave up to 5 days per year
•             Enhanced employer pension contributions – Up to 11% employer contributions
•             Free Mortgage Brokering Services 
•             Enhanced family friendly policies
•             Progression opportunities, including the ability to apply for funded training and coaching and mentoring programmes
•             Gym and fitness discounts as well as high street shopping
•             Cycle to work scheme
•             Discount off all Welsh Water visitor attraction centres and gift shops
•             Car-leasing scheme and free on-site parking at all sites
•             Health CashBack scheme and access to an online GP service
•             An employee assistance programme for employees and their immediate family
•             Many more can be found here!  

 
 
Whilst also working for a not-for profit company that truly cares about earning the trust of customers everyday, and about looking after our beautiful environment
 
 
Please note, we may close this role sooner if required. We may also extend the original closing date depending on interest.
 
Due to the nature of the industry, we require satisfactory references, post offer medical clearance, and a criminal records Basic Disclosure check on all new employees joining the business. For some roles there may be additional checks and security clearance required, and this offer is subject all checks being satisfied. You will receive further information on how to complete these checks via email once you have accepted this offer.

Who we are

Dŵr Cymru Welsh Water keep 3 million people healthy each day with safe, reliable water, and take away wastewater to clean, before returning it safely to our beautiful rivers and seas.

To be able to deliver high quality, essential services which help to protect the health of our customers, colleagues and our environment, we need the right people to deliver on our vision.  This is achieved by living our core values and demonstrating the core behaviours that underpin them.  The security of our people, assets and information is key to us, so we are looking for people who understand and comply with the company’s required security objectives.

We know that the most successful teams are the most diverse teams. Equality, diversity and inclusion provide the very foundation to our culture at Welsh Water. We want every individual to feel confident, proud and able to bring their whole selves to work. 

To ensure an improved representation in our workforce, applications are particularly welcome from minority groups including Black, Asian and Minority Ethnic people, Females, LGBT+, Non-binary and people with disabilities. Together we continue to build a workplace that not only celebrates the diverse voices of our colleagues but also represents each customer we serve.

In essence, ours is a company based on trust, openness, respect, commitment and honesty. A company that our colleagues are proud to work for.