Threat Detection and Vulnerability Management Lead

Threat Detection and Vulnerability Management Lead

Location: Glasgow – hybrid working

Salary: £54-£68K (plus 15% bonus, and single healthcare)

Permanent, Full Time

Help us create a better future, quicker

ScottishPower Renewables is a leader in the development of renewable energy, both onshore and offshore in the UK & Ireland. We are part of the first integrated utility to generate 100% green energy.

We focus on wind, solar and smart grid technologies in order to help transition our national energy supply towards a cleaner, electric future.

The Threat Detection and Vulnerability Management Lead will be responsible for providing vulnerability subject-matter-expertise in detecting vulnerabilities using detections tools, prioritising and responding to contain and remediate those detected vulnerabilities. This role will communicate the outcome to the relevant stakeholders and maintain documentation in vulnerability remediation options and tasks.

The role will be integrated into all parts of ScottishPower Renewables, contributing to cyber security purpose of delivering cyber resilient OT and IT to enable a safe and reliable electricity supply to the grid. You’ll provide a support role in SPR ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business. The programme of work has kicked off and is planned to deliver through to 2027.

What you’ll be doing

You’ll be accountable for vulnerability triaging, issue ownership assignment, and risk-rating, reviewing alerts and prioritises them based on the severity and impact on the business. In addition, you’ll communicate these alerts with remediation teams to resolve any highlighted concerns.

Within this role, you’ll use security analytics, including outputs from intelligence analysis, predictive research and root cause analysis to search for and detect potential breaches or identify recognised indicators and warnings. You’ll monitor, collate and filter external vulnerability reports for organisational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes. A key part of the role will be to ensure that disclosure processes are implemented to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available,  producing warning material in a manner that is both timely and intelligible to the target audience(s). There will also be the need to generate analytic content, detection concepts, and network and host-based detection methods.

Other key aspects of the role include supporting the security monitoring and incident response teams, ensuring that findings are included in the threat assessment, and interfacing with the threat intelligence, security monitoring, and incident response teams.

What we’re looking for

• Enhanced skills in scoping and conducting of vulnerability assessments, tests of the potential for exploitation and reporting potential issues and mitigation options. 

• Extensive experience in threat detection and response within an operational technology or systems environment.  

• A track record of successfully delivering similar services in a complex, regulated enterprise. 

• A level of technical expertise that will allow you to understand the issues that arise at the intersection of security, infrastructure, and human systems. 

• Strong communication skills with the ability to influence and persuade stakeholders, build strong working relationships with senior leadership and third parties, and manage and influence colleagues. 

• Excellent leadership and decision making skills with the ability to process new information under pressure, pivot work to yield the most impactful results, direct resources, and respond to emerging technology risks and threats. 

• Possess working knowledge of corporate incident management, legal, regulatory, commercial and communications implications of material cyber incidents. 

• Experience across a broad range of control network-based systems, including the management of real time communication systems. 

What’s in it for you

As well as a competitive salary which is reviewed annually, you can also enjoy a number of other benefits. With our pension scheme, we’ll double match your contribution up to a company contribution of 10%.

At ScottishPower, we believe it’s the little things we do in life that make a big difference. From helping you look after your family’s wellbeing, save for your future and take personal steps for climate action – our benefits are designed to help you do just that -  so that you have everything you need to take care of your world – today and tomorrow. That’s why our benefits include:

• 36 days annual leave

• Holiday purchase – perfect your work/life balance with extra annual leave

• Share Incentive Plan and Sharesave Scheme

• Payroll giving and charity matched funding

• Technology Vouchers – save more and spread the cost of your technology purposes

• Count us in – pledge to reduce carbon emissions and help fight climate change

• Electric Vehicle Schemes – to help you transition to green/clean driving

• Cycle to Work scheme and public transport season ticket loans

• Options to purchase dental insurance, private medical insurance, health cash plan and annual health assessments

• Life Assurance (4x salary)

• Access to ‘nudge’ financial wellbeing support

• Plus shopping, leisure, restaurant and gym discounts, and unique employee deals on travel insurance and more

Why ScottishPower

ScottishPower is part of the Iberdrola Group, one of the world’s largest integrated utility companies and a world leader in wind energy. With a commitment to generate all of our energy from renewable resources and a drive to create the energy infrastructure of the future, we’re at the forefront of the journey to Net Zero and investing over £6m every working day to make this happen. With diverse opportunities across our businesses and a commitment to invest in our own internal talent, ScottishPower can offer people real career opportunities that meet personal and professional goals, in a global organisation

Inclusion, diversity, and a social purpose are at the heart of everything we do. Together with our values, they bring us together into a stronger, more sustainable business with direct links to the communities we serve. It takes all kinds of people to build a large-scale business like ours, so whatever your background, you’ll fit right in.

ScottishPower is committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support.

Mobility

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country. If/when required, the Company will support the employee with the necessary Immigration requirements.

IMPORTANT 

Advert will close at 23:59 GMT the day before Job Posting End Date below