Share this Job

Vulnerability Management Analyst

Date: Jul 24, 2021

Location: London, United Kingdom

Company: KPMG UK

Vulnerability Management Analyst

The Team

This role is in the Technical Security Operations team, within the KPMG UK Information Security function. The Technical Security Operations team are critical in the assessment, development and delivery of innovative, technology-enabled secure solutions for KPMG and our clients. The Technical Security Operations team is vital to KPMG’s ability to demonstrate that we are delivering ‘secure by design’ solutions such that our business stakeholders, our clients and our regulators trust KPMG.

The Role
The role involves supporting the end to end vulnerability management (VM) service. The vulnerability management service helps defend KPMG and its clients by ensuring scans of KPMG information assets are performed and pro-actively managing vulnerabilities in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives.

The Vulnerability Management Analyst will:
• Work collaboratively with internal stakeholders to perform risk based technical assessments on technical vulnerabilities;
• Provide vulnerability remediation prioritisation recommendations to internal stakeholders;
• Maintain good relationships with internal stakeholders and ensure customer satisfaction, by delivering quality service and escalation issues as necessary;
• Influence colleagues to drive vulnerability remediation in a collaborative manner to help achieve operational and strategic targets;
• Perform review of any exception requests related to technical vulnerabilities, providing recommendations and documenting findings and actions;
• Identify and drive vulnerability management service improvements, especially through the use of automation.
• Collate and analyse data from internal stakeholders on technical vulnerabilities to support any information requests from leadership and or KPMG clients;
• Support configuration and reporting requests within vulnerability management technology;
• Work with vulnerability management technology vendors to support any vulnerability management activities;
• Attend and support internal and external audits from a vulnerability management service perspective;
• Support investigations and resolutions of security problems to find a root cause and find a balanced outcome;
• Provide analysis on trends and proactively highlight issues and areas of concern;
• Maintain and update service documentation, such as process guides;
• Assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs).
• Provide advice to VM service owner on ways to improve control mechanisms, identify, evaluate, and mitigate risks,
• Input to development of vulnerability management standards and security policies;
• Work towards and achieve or extend professional certifications as part of personal development.

The Person
You must have:
• Very good and relevant experience in a similar vulnerability management analyst role;
• Understanding of tooling associated with vulnerability management such as Qualys, Kenna, Microsoft Defender for Endpoints and ServiceNow;
• Experience and knowledge in vulnerability management of applications and infrastructure within the Cloud, such as AWS and Azure;
• Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services;

It would be advantageous if you can demonstrate some, or all of:
• Experience and knowledge of Google Cloud Platform;
• Experience and knowledge of container or serverless platforms;
• Any security or vulnerability management product certification.


Job Segment: Manager, Information Security, Management, Technology