Vulnerability Security Roles

24 Jun 2024

Vacancy expired!

Role 1 - Senior Vulnerability

Here we are looking for a real leader in the Vulnerability Management space: someone who is experienced in building programs from the ground up and who will be able to come into BSC, identify the gaps in the current Vulnerability Management program and use that knowledge to build a strategy to improve it.

  • Deep experience with the Tenable vulnerability management tool and the Kenna Risk Management tool is a must
  • Industry recognised qualification e.g. CHECK, CREST, OSCP, QSTM (or equivalent)
  • 5+ Years leading a Vulnerability Management Program
  • Ability to independently perform technical responsibilities and deliver results to a high standard
  • Experience participating in Capture The Flag (CTF), boot-to-root or other hacking challenges and competitions is a plus
Tasks and Responsibilities:
  • Log and track discovered vulnerabilities
  • Triage remediation tasks and assign to system owner, tracking tasks accordingly
  • Apply root cause analysis to identify and assess problems and key drivers of success, developing potential conclusions from data with limited complexity
  • Complete ad hoc metrics and reporting when requested
  • Stay aware of current business and industry trends relevant to the business and cybersecurity
  • Perform vulnerability scans as directed by management
  • Management of BSC's cybersecurity risk scoring platform
  • Threat modelling and security baselining of infrastructure estates
  • Design and development of infrastructure security services to expand/improve coverage
  • Building and maintaining processes to enable rapid distribution of vulnerability information to teams
  • Maintaining regular contact with teams to manage remediation and advise as required
  • Consult on and help build processes/testing triggers within other infrastructure teams
  • Experience in security testing of web applications, mobile applications, APIs, cloud-hosted applications, containers and on-prem data centers
Minimum Qualifications:
  • Bachelor's Degree or industry equivalent work experience in vulnerability management in a security program
  • 5+ years of applicable experience
  • Ability to work collaboratively in a team environment
  • Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions
  • Strong analytical and problem-solving skills
  • A strong work ethic
  • Ability to examine issues both strategically and analytically
  • Ability to work on multiple, simultaneous initiatives
Preferred Qualifications:
  • Security+, GSEC, or equivalent certification
  • Experience with the Tenable vulnerability management tool and the Kenna Risk Management tool is a must
  • Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)
  • Deep understanding of data analytics and visualization tools (Splunk, Tableau, etc.)
  • Deep understanding of vulnerability management processes and lifecycle
  • Willingness and eagerness to learn outside of one's comfort zone
Role 2 - Web Application Security Engineer / Penetration Tester

Here we are looking for a candidate who has used Web Application Security tools in the past and has worked with the business to build this capability from the ground up. Currently BSC does not have expertise in this area. We are looking for someone who is experienced in building programs from the ground up and who will be able to come into BSC, identify gaps and use that knowledge to build a strategy to improve. They will work with the business to identify all BSC websites and work with the owners to build a Web Application security testing framework.

Must haves:
  • Deep experience with Tenable, Qualys, Burp Suite Pro, Acunetix or other Application Security tools is a must
  • Responsible for a mix of External, Web Application and Internal Network Penetration Testing plus more
  • Industry recognised qualification e.g. CHECK, CREST, OSCP, QSTM (or equivalent)
  • An excellent understanding of common security and application security standards and compliance (e.g., OWASP, PCI-DSS)
  • Knowledge of Red Team testing
  • Competence in one or more programming languages
  • Ability to independently perform technical responsibilities and deliver results to a high standard
  • Experience participating in Capture The Flag (CTF), boot-to-root or other hacking challenges and competitions is a plus
  • 5+ years within Applicable Security Testing
Tasks and Responsibilities:
  • Lead BSC's Web Application Security Program
  • Work with the business to identify all BSC websites and work with the owners to build a Web Application security testing framework
  • Experience with the Tenable, Qualys, Burp Suite Pro and Acunetix vulnerability management tools
  • Log and track discovered vulnerabilities
  • Triage remediation tasks and assign to system owner, tracking tasks accordingly
  • Apply root cause analysis to identify and assess problems and key drivers of success, developing potential conclusions from data with limited complexity
  • Complete ad hoc metrics and reporting when requested
  • Stay aware of current business and industry trends relevant to the business and cybersecurity
  • Perform vulnerability scans as directed by management
Minimum Qualifications:
  • Bachelor's Degree or industry equivalent work experience in vulnerability management in a security program
  • 5+ years of applicable experience
  • Ability to work collaboratively in a team environment
  • Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions
  • Strong analytical and problem-solving skills
  • A strong work ethic
  • Ability to examine issues both strategically and analytically
  • Ability to work on multiple, simultaneous initiatives
Preferred Qualifications:
  • Security+, GSEC, or equivalent certification
  • Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)
  • Deep understanding of data analytics and visualization tools (Splunk, Tableau, etc.)
  • Deep understanding of vulnerability management processes and lifecycle
  • Willingness and eagerness to learn outside of one's comfort zone
Thanks,
Prashant
Ext 5518

  • ID: #43583838
  • State: Pennsylvania Lehigh valley 18104 Lehigh valley USA
  • City: Lehigh valley
  • Salary: USD TBD TBD
  • Job type: Contract
  • Showed: 2022-06-24
  • Deadline: 2022-08-23
  • Category: Et cetera