Vulnerability Remediation Lead

Newbury, GB

Vodafone

Vodafone is a leading technology communications company in Europe and Africa, keeping society connected and building a digital future.

Location: Newbury + *Hybrid
Working hours: Full time 37.5 hours per week – Mon to Fri
Salary: Excellent basic salary plus bonus and Vodafone benefits

 

*Hybrid

 

At Vodafone UK we believe that through collaboration and connection with our colleagues we can achieve great things. Our hybrid working approach allows our people to work both in the office and at home, providing the flexibility and resources you need to succeed in your role. We don't require you to be in on specific days; instead, we ask people to come into the office 2-3 days each week, on average 8 days a month. Our “Office in a Box” home working kit will provide you with everything you need, no matter where you are.

 


What you’ll do 

 

As a Vulnerability Remediation Lead, your role will be to drive risk reduction across the Vodafone UK estate, acting as a Subject Matter Expert on topics such as vulnerability mitigation, system hardening and applicable regulatory standards. You will work within the UK Cyber Security Team to ensure that service owners are patching systems within the defined SLA. Where this is not possible, you will work with a mixture of management and technical stakeholders to define solutions, apply applicable mitigating controls, and reduce the level of risk. You will also use various sources of information, both internal and external, to demonstrate and report on Vodafone’s security posture to senior stakeholders and influence key strategic decisions on security topics.

 

This role provides an excellent opportunity to work on a variety of technologies in a fast-developing industry, improving on innovative Vulnerability Management and Patching solutions. You will feel part of a close-knit team and will work with autonomy whilst interacting with innovative teams across Vodafone.

 

  • Support the Vulnerability Manager and be able to deputise on their behalf.
  • Apply subject matter expertise to secure our IT, Networks and Cloud estates through remediation best practices. You will work with risk functions to highlight risk and appropriate actions for resolution and where appropriate you will present on these topics to drive the right level of attention and awareness. 
  • Support the patching platform day-to-day and help both define the strategy around it and raise awareness of it. You will investigate and resolve issues encountered by users, ensuring they can patch their systems in a timely and effective manner. You will also develop the platform for wider uses that support vulnerability remediation efforts and increase its return on investment.
  • Support the review of, and provide technical guidance on, regulatory requirements relating to Vulnerability Management and Patch Management, as well as the operation of our toolsets in line with these requirements.
  • Develop and improve automated vulnerability management reports and dashboards, giving stakeholders access to more bespoke, relevant and frequent data which better supports their remediation efforts.  
  • Provide in-depth, technical analysis of security issues and provide detailed suggestions for improvements and appropriate mitigating controls to be implemented.
  • Continuously mature best practices around vulnerability remediation and promote these within Cyber Security and beyond.
  • Develop and maintain relationships with a variety of stakeholders at various levels.
  • Provide advice and guidance to Vulnerability Remediation Specialists.
  • Communicate fluently orally and in writing, and present complex technical information to both technical and non-technical audiences.
  • Encourage Secure by Design principles.
     

Who you are

 

  • Must be eligible for SC Clearance 
  • Deep understanding of Vulnerability Management, Patch Management and Hardening principles.
  • Use and management of vulnerability scanning toolsets e.g. Qualys, Tenable, Rapid7.
  • Use and management of patching toolsets e.g. IBM BigFix, BMC TrueSight, Microsoft SCCM, with the ability to troubleshoot and resolve issues within these tools.
  • Proficiency in understanding complex vulnerabilities and security issues, and the ability to troubleshoot any technical issues which may impact the ability to resolve these, both independently and by providing guidance to others on how to do so.
  • Experience in networking concepts (TCP/IP, Routing, Firewalls)
  • Experience in IT concepts, including serverless and containerisation, with a detailed understanding of server operating systems (Windows and Linux). 
  • Experience of managing complex infrastructure environments in line with industry best practice. 
  • Experience in working on and managing a VMWare vSphere environment.
  • The ability to develop scripts to automate reporting processes (particularly Python experience). 
  • Experience of devising, visualising and presenting Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
  • Understanding of the regulatory and compliance environment, including PCI-DSS, the UK Telecom Security Act and ISO27001. 
  • Strong written and oral communication skills, the ability to influence stakeholders and explain complex security requirements in simple terms.
  • The ability to build great working relationships, with cultural sensitivity and social flexibility in a global corporate environment.
  • Security related industry accreditations such as CISSP, CISM, CREST, GIAC (desirable but not essential) 

 

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to apply as you may be the right candidate for this role or another role, and our recruitment team can help you see how your skills fit in.
 

What we offer


We believe that taking care of our employees is the key to their success. That is why we offer an excellent remuneration and bonus package with up to 28 days holiday entitlement, in addition to bank holidays and paid leave for charity projects. We offer an extensive benefits package that can be tailored to suit you and your family, including employee discounts, retail vouchers, pension plan and share schemes. We take pride in our commitment to supporting you at every stage of your career by providing top of the range learning and development tools, market leading parental leave policies and an innovative Reconnect programme for people who have taken a career break. 


Together we can


Vodafone UK are regulated by the Financial Conduct Authority and all offers of employment for this role are subject to background checks, including criminal (DBS) and financial checks, to meet the regulator's standards.
If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, a sign language interpreter, or assistive technology, please refer to the Accessibility section of our Careers website (https://careers.vodafone.com/uk/applying-to-vodafone/) for guidance.

Category: Leadership Jobs

Tags: CISM CISSP Clearance Cloud Compliance CREST Firewalls GIAC ISO 27001 KPIs Linux Python Qualys Strategy TCP/IP VMware Vulnerabilities Vulnerability management Windows

Perks/benefits: Career development Competitive pay Flex hours Parental leave Salary bonus Signing bonus

Region: Europe
Country: United Kingdom
