Vulnerability Analyst
Liverpool, England, United Kingdom
The Very Group
About us
We are The Very Group and we’re here to help families get more out of life. We know that our customers work hard for their families and have a lot to balance in their busy lives. That’s why we combine amazing brands and products with flexible payment options on Very.co.uk to help them say yes to the things they love. We’re just as passionate about helping our people get more out of life too; building careers with real growth, a sense of purpose, belonging and wellbeing.
Role Purpose
The Vulnerability Analyst is responsible for supporting the vulnerability management process in identifying, assessing, and mitigating security vulnerabilities within the organisation. The role requires an understanding of IT systems and security principles.
About the role
The Vulnerability Analyst's scope encompasses supporting the vulnerability management process in identifying, assessing, and mitigating security risks within the organisation. This includes contributing to vulnerability scans, analysing results, prioritising vulnerabilities, coordinating remediation efforts, maintaining accurate records, and staying abreast of emerging threats. The role is pivotal in enhancing the organisation's overall security posture by providing essential support to the vulnerability management process.
Key Decisions
Although the Vulnerability Analyst primarily supports the team, they will still be involved in several critical decision-making processes:
- Prioritisation of vulnerabilities: Given the volume of vulnerabilities identified, the Vulnerability Manager will assist in determining which vulnerabilities pose the greatest risk to the organisation and should be addressed first
- Data classification: They will contribute to deciding how to categorise vulnerabilities based on factors like severity, impact, and potential exploitability
- Remediation strategy: While not solely responsible, the Vulnerability Manager will participate in discussions about the most effective remediation strategies for identified vulnerabilities
- Tool selection: They may be involved in evaluating and selecting new vulnerability scanning or management tools
- Process improvement: In collaboration with various teams, the Vulnerability Manager can suggest improvements to vulnerability management processes and workflows
Key Responsibilities
- Management and Ownership of Toolset: Manage the configurations and operations of vulnerability management tooling
- Vulnerability Identification and Assessment: Actively participate in vulnerability scanning and assessment activities, analysing results to identify potential threats to the organisation's systems and data.
- Vulnerability Prioritisation and Remediation: Assist in prioritising vulnerabilities based on risk level and impact and collaborate with IT teams to implement effective remediation strategies.
- Data Management and Reporting: Maintain accurate records of vulnerabilities, remediation efforts, and generate reports to inform decision-making.
- Process Improvement: Contribute to the ongoing development and refinement of vulnerability management processes and procedures.
- Team Collaboration: Work effectively within the InfoSec team and across other IT departments to achieve shared objectives.
- Knowledge Acquisition: Stay updated on emerging vulnerabilities, threats, and best practices in the field of information security.
Required skills and experience
- Basic understanding of IT infrastructure and networks
- Familiarity with vulnerability scanning tools and techniques
- Strong analytical and problem-solving skills
- Attention to detail and accuracy
- Good communication and interpersonal skills
- Ability to work effectively as part of a team
- Experience with security frameworks (e.g., NIST, ISO 27001)
- Knowledge of scripting or programming languages
- Understanding of risk assessment methodologies
Benefits
- On Target bonus (Business and Personal performance)
- £250 of flexible benefits allowance.
- 27 days holiday + bank holidays + option to purchase 5 additional days
- 6% matched pension
- Hybrid working - 3 days per week from our Speke HQ.
- Brand discount up to 25%
- Ongoing training and development.
Hiring Process
What happens next?
Our talent acquisition team will be in touch if you’re successful so keep an eye on your emails! We’ll arrange a short call to learn more about you, as well as answer any questions you have. If it feels like we’re a good match, we’ll share your CV with the hiring manager to review. Our interview process is tailored to each role and can be in-person or held remotely.
You can expect a three-stage interview process for this position:
1st Stage - An initial informal chat with a member of our TA Team.
2nd Stage - A 30-45 minute video call with a member of the hiring team to discuss your skills and relevant experience. This is a great opportunity to find out more about the role and to ask any questions you may have.
3rd Stage - A more formal interview with a number of the Team.
We are an inclusive employer, so please do let us know if you require any reasonable adjustments.
Equal opportunities
We’re an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.