Join us as a Vulnerability Analyst at Barclays, responsible for supporting the successful delivery of Location Strategy projects to plan, budget, agreed quality and governance standards. Youll spearhead the evolution of our digital landscape, driving innovation and excellence. You will harness cutting-edge technology to revolutionise our digital offerings, ensuring unparalleled customer experiences.
To be successful as a Vulnerability Analyst you should have experience with:
- Assessment, triage and prioritisation of identified internal & external vulnerabilities based on exposure and mitigating controls
- Assessment, triage and prioritisation of misconfiguration including cloud (Cloud Security Posture Management)
- Attack Surface Management
- Provision of vulnerability data to key stakeholders (Enterprise Technology, BU CISO teams)
- Analysis of vulnerability intelligence data to inform patching prioritization / scheduling
- Security Incident Management response (initiate P1 / MIM process)
- Management of VM Toolset (VRS, Tenable, Tanium, Withsecure, Wiz.io Prisma, ITSEC / SPDW/ServiceNow VR
Key Accountabilities
- Assess, triage and priorities vulnerability across of wide range of tooling and capabilities including but not limited to Tenable infrastructure scanning, Tenable IO external perimeter scanning, Prisma container scanning and Cloud Security Posture Management.
- Attack Surface Management
- Utilising the key reporting tools such as SQL, JIRA, ITSec and Service Now
- Development of Vulnerability Management Solutions: -
- Involvement and contribution in designs with regard to, providing Vulnerability Management solutions/methodologies.
- Input in the provision of detailed specifications for vulnerability remediation solutions and supporting the developments.
- Assist the BU s in understanding the materialistic Risk involved behind the vulnerabilities identified and communicated via appropriate systems and drive remediation
- Proactively feed into and develop the required senior MI (Management Information) collection ensuring stakeholders and Senior Management are informed of and major Risks/Vulnerabilities or Findings.
You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills.
This role is based in Pune.
Purpose of the role
To keep our customers, clients, and colleagues safe by identifying cyber-vulnerabilities across the Bank, using a risk-based approach to prioritise them, and to drive effective remediation activity.
Accountabilities
- Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.
- Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.
- Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices.
- Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales.
- Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.
- Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.
Analyst Expectations
- To perform prescribed activities in a timely manner and to a high standard consistently driving continuous improvement.
- Requires in-depth technical knowledge and experience in their assigned area of expertise
- Thorough understanding of the underlying principles and concepts within the area of expertise
- They lead and supervise a team, guiding and supporting professional development, allocating work requirements and coordinating team resources.
- If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L Listen and be authentic, E Energise and inspire, A Align across the enterprise, D Develop others.
- OR for an individual contributor, they develop technical expertise in work area, acting as an advisor where appropriate.
- Will have an impact on the work of related teams within the area.
- Partner with other functions and business areas.
- Takes responsibility for end results of a team s operational processing and activities.
- Escalate breaches of policies / procedure appropriately.
- Take responsibility for embedding new policies/ procedures adopted due to risk mitigation.
- Advise and influence decision making within own area of expertise.
- Take ownership for managing risk and strengthening controls in relation to the work you own or contribute to. Deliver your work and areas of responsibility in line with relevant rules, regulation and codes of conduct.
- Maintain and continually build an understanding of how own sub-function integrates with function, alongside knowledge of the organisations products, services and processes within the function.
- Demonstrate understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function.
- Make evaluative judgements based on the analysis of factual information, paying attention to detail.
- Resolve problems by identifying and selecting solutions through the application of acquired technical experience and will be guided by precedents.
- Guide and persuade team members and communicate complex / sensitive information.
- Act as contact point for stakeholders outside of the immediate function, while building a network of contacts outside team and external to the organisation.
