Vulnerability Management
Role Overview
The role of Vulnerability Management is to triage vulnerabilities by their relevance and criticality to the organisation. Vulnerability Management then identifies mitigations for those vulnerabilities and advises on implementing them.
Role levels
Associate level
Typical role expectations
- Analyse complex information systems to understand the associated Cyber Security risks, audit requirements, and data value
- Support the creation and implementation of vulnerability assessments of enterprise assets to a predefined scope and schedule using predetermined templates and test scripts, including but not limited to:
  - application vulnerability assessments
  - infrastructure vulnerability assessments
- Assist in the prioritisation of those vulnerabilities through a risk-based approach
- Triage and prioritise vulnerabilities, implement mitigating measures, and support the vulnerability management life cycle, providing standardised advice on ways to improve control mechanisms and mitigate risk
- Collaborate with stakeholders to manage vulnerabilities and undertake remediation activities
- Communicate common mitigation strategies such as patching and basic configuration change (system hardening)
- Understand how local protective security measures can be applied to reduce vulnerability exposure
- Demonstrate knowledge of common approaches and tooling to perform vulnerability assessment and to validate system configuration
- Perform vulnerability assessments of enterprise assets with limited supervision to a predefined scope and schedule using predetermined templates and test scripts
- Develop and implement schedules for performing vulnerability assessments to meet organisational objectives and compliance requirements
Lead level
Typical role expectations
- Manage complex information systems to understand and prioritise actions on Cyber Security risks, audit requirements and data value, and provide guidance to vulnerability management team members
- Manage the creation and implementation, and lead the development, of vulnerability assessments for IT estates, including but not limited to application vulnerability assessments and infrastructure vulnerability assessments
- Drive prioritisation of those vulnerabilities through a risk-based approach, to meet common organisational objectives such as regulatory compliance and audit functions
- Manage the triage of vulnerabilities, ensure mitigation measures are implemented, and manage the vulnerability management life cycle for a set of assets, providing tailored advice on ways to improve control mechanisms and mitigate risks
- Recommend remediation strategies and provide advice on complex configuration changes in support of vulnerability remediation
- Proactively identify and leverage threat intelligence sources to inform strategic vulnerability mitigation measures
- Manage collaboration with stakeholders to create tactical plans relating to managing vulnerabilities, and oversee subsequent activities
- Demonstrate developed knowledge and understanding of approaches and tooling for performing vulnerability assessment against large and complex infrastructure
- Validate system configuration across multiple and complex interlinking systems
- Translate vulnerability management standards and best practice into organisation-specific policies, procedures and guidelines and champion standards and best practice outside security functions
- Explain the need for effective vulnerability management processes and the implications of poor performance
- Lead the development and implementation of effective vulnerability management programmes across the enterprise to meet organisational, regulatory and compliance requirements
- Develop vulnerability assessment templates and test scripts to meet common organisational objectives such as regulatory compliance and internal audit function
Principal level
Typical role expectations
- Lead analysis of complex information systems to understand and prioritise actions on Cyber Security risks, audit requirements and data value, and provide specialist or complex guidance to vulnerability management teams and external senior stakeholders
- Lead the development and implementation of multiple vulnerability assessments and enterprise-wide scanning strategies across multiple complex environments, while leading the prioritisation of those vulnerabilities through a risk-based approach
- Lead the triage of vulnerabilities, ensuring mitigation measures are implemented, and oversee the vulnerability management life cycle for a set of assets, providing tailored specialist or complex advice on ways to improve control mechanisms and mitigate risks
- Lead senior stakeholder engagement across government to create strategic plans for managing vulnerabilities and remediation activities
- Create the organisational principles and vision that provide the basis for triaging vulnerabilities
- Provide advice to senior leadership on ways to improve control mechanisms and to identify, evaluate and mitigate risks
- Develop bespoke templates and test scripts to meet uncommon or complex organisational objectives
- Set the organisation's vulnerability management strategy, including its people, process and technology elements
- Ensure organisation-specific vulnerability management policies, procedures and guidelines are aligned with organisational objectives and risk appetite
- Set direction for, and approve investment in, strategic tooling and capability to address strategic enterprise-wide risk
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
Penetration testing | Working | Practitioner | Expert |
Information risk assessment and risk management | Working | Practitioner | Practitioner |
Threat intelligence and threat assessment | Working | Practitioner | Practitioner |
Cyber Security Operations | Working | Practitioner | Practitioner |
Threat Understanding | Working | Practitioner | Practitioner |
Legal and regulatory environment and compliance | Awareness | Awareness | Awareness |
Protective security | Awareness | Awareness | Awareness |
Core learning
Entry level
Foundation Certificate in Cyber Security
BCS Certificate in Information Security Management Principles (CISMP)
Microsoft Networking and Security Fundamentals: Training 2-Pack for MTA Exams 98-366 and 98-367
Associate level
CompTIA Security+
SEC460: Enterprise Threat and Vulnerability Assessment
GIAC Enterprise Vulnerability Assessor (GEVA)
Lead level
CompTIA Cybersecurity Analyst (CySA+)
MGT512: Security Leadership Essentials for Managers
FOR578: Cyber Threat Intelligence
Principal level
CompTIA Advanced Security Practitioner (CASP+)
ICS515: ICS Active Defence and Incident Response
FOR518: Mac and iOS Forensic Analysis and Incident Response