Vulnerability Management Analyst

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.

For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.

Position: Vulnerability Management Analyst

Location: London, Hybrid (3 days in the office )

The Job

The AVEVA Security team are seeking a skilled individual to join a high performing global vulnerability management team.

The Vulnerability Management Analyst is responsible for proactively identifying and managing the remediation of vulnerabilities affecting AVEVA’s infrastructure and services. This role requires a broad technical understanding and to be responsible for vulnerability detection, assessment and driving vulnerability remediation across the organisation.

Responsibilities

• Conduct vulnerability assessments to identify known vulnerabilities and configuration weaknesses and assess the effectiveness of existing controls and recommends remedial action.
• Maintain current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities.
• Analyse risks associated with vulnerabilities, provide detailed reporting, and recommend actionable remediation strategies
• Support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.
• Serve as an escalation point on issues, dependencies, and risks related to vulnerability scanning and security testing.
• Collaborate with multiple stakeholders to prioritize vulnerabilities based on severity, impact, and exploitability.
• Support the development of AVEVA’s Vulnerability management policy, process, and procedures.
• Managing the end-to-end vulnerability lifecycle from discovery to closure ensuring the relevant resolver team put in place a plan and timely remediation working with both managed service providers and internal IT and Information Security staff.
• Utilising information from external vulnerability reporting tools such as BitSight, RiskRecon, Security Scorecard and vendor vulnerability briefings determine the priority of remediations needed across the AVEVA estate.
• Manage security assessment processes, including performing, tracking remediation, validating controls, measuring residual risk, and writing reports.
• Coordinate and oversee remediation efforts to ensure timely and effective resolution of security vulnerabilities.

Skills & Qualifications

• Minimum of 3 years information and cyber security experience, and experience in IT Vulnerability Management.
• Experience using vulnerability scanning tools such as Qualys, Tenable, Rapid7 and vulnerability management platforms (RiskVision, Kenna Security).
• Experience managing vulnerability management findings/services for cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
• Strong understanding of vulnerability management practices and methodologies. Knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
• Working knowledge of system, application, network and database hardening techniques and practices.
• Working knowledge of one or more of the following - cloud technologies, internet security, networking protocols or experience with software development.
• Strong analytical skills and ability to identify advanced vulnerability threats.
• Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
• Knowledge of and experience in developing and documenting security processes and plans.
• Knowledge and experience with implementing common information security management frameworks, such as International Organization for Standardization (ISO) 2700x series, ITIL, COBIT and National Institute of Standards and Technology (NIST) or Centre for Internet Security (CIS) frameworks would be advantageous.

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment.  Background checks will be conducted in accordance with local laws and may, subject to those laws,  include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check.  Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.
 
Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.