IT Security Officer

In this role, you will help ensure that vulnerabilities and exposures across our environment are identified, validated, and remediated in a timely manner. You will work closely with system owners and report findings, helping to keep our risk posture visible and well-managed.

Key Responsibilities:

1. Attack Surface Monitoring, Vulnerability Scanning, and Triage

• • Monitor and triage findings surfaced by our Attack Surface Management (ASM) and Vulnerability Management tools
  • Assess each finding for validity, severity, and exploitability before escalating or acting on it
  • Distinguish genuine exposures from false positives and contextualize findings against our asset inventory
  • Priorities remediation efforts based on risk

2. Remediation Workflow Management

• • Work with system owners to follow up on outstanding findings
  • Track remediation progress and ensure findings are resolved in a timely manner
  • Manage exceptions and risk acceptance where remediation is not immediately feasible
  • Communicate clearly with non-technical stakeholders, translating technical findings into actionable guidance

3. Reporting & Insights

• • Consolidate vulnerability data and remediation metrics for reporting
  • Identify trends and surface systemic issues across the organization’s attack surface and internal asset landscape
  • Provide recommendations to improve our overall exposure management programme

4. Process Improvement

• • Contribute to the refinement of ASM and vulnerability management processes, tooling configurations, and escalation playbooks over time
  • Support the development and maintenance of vulnerability management policies, standards, and procedures in alignment with industry best practices

Requirements:

• Bachelor’s Degree in Computer Science/Information Security or equivalent
• Professional certifications, including GWEB, OSCP, CRISC, CISA or other relevant certifications will be preferred
• Preferably 5 years of experience in a relevant cybersecurity function, such as vulnerability management, attack surface management, security operations, or IT risk
• Strong understanding of cybersecurity concepts, particularly around vulnerability management, patch management, common vulnerability scoring frameworks (eg CVSS), and external-facing attack surface risks
• Familiarity with ASM or vulnerability management tools (such as Tenable, Qualys, Censys, or similar)
• Proficiency in programming languages such as Python will be advantageous
• Strong analytical and judgement skills, with the ability to think critically and make sound recommendations
• Good communication and interpersonal skills, with the ability to multitask, prioritise, and translate technical findings
• Meticulous, with a high degree of integrity, initiative, and energy