2 Kenna Security Jobs

The role involves supporting the end to end vulnerability management (VM) service. The vulnerability management service helps defend KPMG and its clients by ensuring scans of KPMG information assets are performed and pro-actively managing vulnerabilities in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives. As a Vulnerability Management Analyst, you will work collaboratively with internal stakeholders to perform risk-based technical assessments on technical vulnerabilities. Your role will involve providing vulnerability remediation prioritization recommendations to internal stakeholders and maintaining good relationships with them to ensure customer satisfaction. You will be responsible for delivering quality service and escalating issues as necessary. Additionally, you will influence colleagues to drive vulnerability remediation in a collaborative manner to help achieve operational and strategic targets. Your responsibilities will include performing a review of any exception requests related to technical vulnerabilities, providing recommendations, and documenting findings and actions. You will also identify and drive vulnerability management service improvements, particularly through the use of automation. Collating and analyzing data from internal stakeholders on technical vulnerabilities to support any information requests from leadership and or KPMG clients will be part of your role. Furthermore, you will support configuration and reporting requests within vulnerability management technology and work with vulnerability management technology vendors to support any vulnerability management activities. Attending and supporting internal and external audits from a vulnerability management service perspective, as well as supporting investigations and resolutions of security problems to find a root cause and achieve a balanced outcome, are essential aspects of this role. You will provide analysis on trends, proactively highlight issues and areas of concern, maintain and update service documentation such as process guides, and assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs). To be successful in this role, you must have a minimum of 4-7 years of relevant experience in a similar vulnerability management analyst role, as well as an understanding of the tooling associated with vulnerability management. Experience and knowledge in vulnerability management of applications and infrastructure within the Cloud, such as AWS and Azure, and vulnerability management of container or serverless platforms are required. Additionally, experience of successfully working in a fast-paced, customer service environment and delivering high-quality information security services is crucial. It would be advantageous if you can demonstrate experience and knowledge of Google Cloud Platform, web application vulnerability scanning, industry-standard Vulnerability Management tooling such as Qualys, Tenable, Microsoft Defender ATP, and ServiceNow, and other industry-leading Risk-based vulnerability management tooling like Kenna Security or other security-related vulnerability management platforms. Any security or vulnerability management product certification would also be beneficial. As part of personal development, you will work towards and achieve or extend professional certifications in the field.,

Role The role involves supporting the end to end vulnerability management (VM) service. The vulnerability management service helps defend KPMG and its clients by ensuring scans of KPMG information assets are performed and pro-actively managing vulnerabilities in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives. The Vulnerability Management Analyst will: Work collaboratively with internal stakeholders to perform risk based technical assessments on technical vulnerabilities; Provide vulnerability remediation prioritisation recommendations to internal stakeholders; Maintain good relationships with internal stakeholders and ensure customer satisfaction, by delivering quality service and escalation issues as necessary; Influence colleagues to drive vulnerability remediation in a collaborative manner to help achieve operational and strategic targets; Perform review of any exception requests related to technical vulnerabilities, providing recommendations and documenting findings and actions; Identify and drive vulnerability management service improvements, especially through the use of automation. Collate and analyse data from internal stakeholders on technical vulnerabilities to support any information requests from leadership and or KPMG clients; Support configuration and reporting requests within vulnerability management technology; Work with vulnerability management technology vendors to support any vulnerability management activities; Attend and support internal and external audits from a vulnerability management service perspective; Support investigations and resolutions of security problems to find a root cause and find a balanced outcome; Provide analysis on trends and proactively highlight issues and areas of concern; Maintain and update service documentation, such as process guides; Assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs). Provide advice to VM service owner on ways to improve control mechanisms, identify, evaluate, and mitigate risks, Input to development of vulnerability management standards and security policies; Work towards and achieve or extend professional certifications as part of personal development. Prior experience You must have: Minimum 4-7 years relevant experience in a similar vulnerability management analyst role; Understanding of the tooling associated with vulnerability management. Experience and knowledge in vulnerability management of applications and infrastructure within the Cloud, such as AWS and Azure; Experience and knowledge in vulnerability management of container or serverless platforms; Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services; It would be advantageous if you can demonstrate some, or all of: Experience and knowledge of Google Cloud Platform; Experience and knowledge of web application vulnerability scanning Experience of Industry standard Vulnerability Management tooling such as such as Qualys, Tenable, Microsoft Defender ATP and ServiceNow; Experience of other industry leading Risk based vulnerability management tooling, such as Kenna Security or other security related vulnerability management platforms. Any security or vulnerability management product certification.