Vulnerability Management Analyst

  • Location

    Nottingham, Nottinghamshire

  • Salary:

    £450 - £500 per day

  • Contact:

    Andrew Pennycook

  • Published:

    8 months ago

  • Duration:

    6 Months

Vulnerability Management Analyst
6 Months
Nottingham (Possibly London)

Our Client is in the process of enhancing vulnerability management capabilities in support of its Threat and Vulnerability Management (TVM) Program. These capabilities include vulnerability identification via Qualys, assessment, remediation support and measurement.

Our Client is looking for two consultants to:

  • Support remediation teams by interpreting vulnerability reports, providing technical guidance on remediation steps, and communicating risk-based priorities.
  • Standardize threat and vulnerability management processes by identifying opportunities for improvement in identification, assessment, reporting and measurement capabilities. Create run books for established processes.
  • Monitor the intel community for advisories related to critical vulnerabilities, liaise with the Cyber Intelligence team and advise cyber security leadership on emergent vulnerabilities.
  • Work with infrastructure teams on prioritizing patching of vulnerable services
  • Weekly review of progress against the above goals, identification of new goals and summary of activity
  • Configure new Qualys platform subscription including deployment of scan appliances and creation of option profiles, asset groups, scan schedules, report templates, and authentication records in both Vulnerability Management (VM) and Policy Compliance (PC) modules.
  • Create run books for scanning and reporting processes developed within VM and PC modules.
  • Support vulnerability scanning operations by administering existing Qualys platform subscription and executing ad hoc scans as needed.
  • Collaborate and contribute to the automation of scanning and reporting processes where possible. Automate through scripting and APIs where possible.
  • VM scanning of 100K+ assets globally, with local scan engines where appropriate and needed
  • Establish ongoing procedure for full VM lifecycle from discovering assets through verifying remediation