Vulnerability Management Analyst – Leeds

Job Description

Location(s): UK, Europe & Africa : UK : Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Job Title: Vulnerability Management Analyst
Requisition ID: 123051

Location: Leeds – onsite
Grade: GG09-GG10

Referral Bonus: £5,000

We are looking for a talented and enthusiastic individual with a blend of technical and client-facing skills to join our dedicated client Security Operations Centre (SOC) as a vulnerability management analyst. This role will play an important part in supporting our client with identifying and assessing key vulnerabilities and working with stakeholders to complete remediation. This will also include assisting with the running of vulnerability remediation campaigns and reporting of the results. As the SME for vulnerabilities in the team, you will work closely with threat intelligence colleagues providing context and supporting other analysts in the SOC.

The customer is committed for the SOC to be a benchmark of best practice and excellence.

BAE Systems staff are based in multiple locations, but with the day to day operations based from our Leeds office (due to the need for customer network access available at this location).

This role requires a minimum of DV clearance.

This role reports to the Cyber Threat Intelligence and Vulnerability Lead.

The Role

Core duties:

• Monitor, investigate and report potential cyber threats and key vulnerabilities.
• Analyse and interpret vulnerability report results, prioritise findings using risk-based prioritisation methodology and provide actionable recommendations for remediation.
• Operate vulnerability scanning and configuration scanning tools, like AWS Inspector and Microsoft Defender.
• Collaborate with a range of stakeholders and teams to address key vulnerabilities across the client’s estate.
• Ensure all relevant 0-Day, critical and high vulnerabilities sourced from internal tooling and open source feeds are tracked in a vulnerability register, and draft an alert and warning notice on an ADHOC basis when approved by the Cyber Threat Intelligence and Vulnerability Lead.
• Assist in defining, creating and implementing various SOPs (Standard Operating Procedures) and SOMs (Service Operating Models).
• Use asset risk information, vulnerability ratings, and threat information to communicate the risk and remediation.
• Production of regular vulnerability reports to accurately articulate the landscape and progress.

Requirements

Technical

• 1+ years’ experience in vulnerability management with an additional 1+ in related cyber roles.
• Hands-on experience with vulnerability assessments, management, and remediation strategies.
• Understanding of cloud concepts and environments (AWS, Azure) and their unique vulnerabilities.
• Detailed understanding of Windows, Linux/Unix, and OS vulnerabilities.
• Ability to perform risk analysis and prioritise.
• A strong understanding of current and emerging threats.
• Experience in technical incident response and management.

Non-Technical

• Project management skills to help deliver vulnerability programs.
• Bachelor’s Degree in Cybersecurity, Computer Science or equivalent experience in a SOC/ /Vulnerability Management field.
• Excellent written and verbal communication skills with the ability to communicate the risk, potential impact and importance of detailed technical information to non-technical and senior stakeholders.
• Team player and adept at working in a multi-disciplinary and diverse team.
• Self-motivated and motivates others, keeping morale and performance high.

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.