Gymshark HQ is based in Solihull; however, this role can be both flexible & remote. There will be an expectation (post-Covid, government guidelines dependent) for the successful candidate to also be flexible and be open to coming into HQ occasionally.
As Gymshark’s Security Vulnerability Management Specialist, you will be responsible for the scoping, scanning, reporting and remediation plans for vulnerabilities within the Gymshark systems and infrastructure. To ensure the company’s assets, systems and applications are protected, you will perform proactive vulnerability assessments on emerging threats, liaising with stakeholders to address the identified issues.
We have an ambitious strategy that will transform Gymshark’s Security capability; therefore, this role will work closely with the programme work streams to help deliver tangible risk reduction outcomes to Gymshark.
What You Will Be Doing
Management and Support:
- Perform analysis of incoming intelligence to identify threats, providing technical and procedural recommendations that will reduce Gymshark’s exposure to cyber-risks.
- Assist in the delivery, implementation and management of the Vulnerability Management programme.
- Organize network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts (Cloud).
- Form and advise taskforces of cross-functional technical resources to respond to the highest risk/most complex vulnerabilities, utilising your technical specialist knowledge.
- Understand and stay current with the critical threats to our in-house and cloud-based IT solutions by continually reviewing intelligence sources for vulnerabilities.
- Provide intelligence-driven vulnerability assessments for Critical/Zero Day discoveries, highlighting possible next steps.
- Provide internal incident response for the company, collaborating with the supported SOC.
- Identify technical and procedural enhancements and opportunities to improve the capability of the Threat & Vulnerability function.
- Maintain internal methodologies and processes, based on industry standards.
- Champion a proactive approach to addressing the changing threat landscape by recommending architectural improvements to security infrastructure.
- Provide and support the delivery of technical and executive level risk-based reporting of the threat and vulnerability landscape specific to Gymshark.
- Hold relationships with vendors’ and 3rd party suppliers’ PSIRT (Product Security Incident Response Team) entities.
- Ability to work with internal staff & third parties to deliver risk reduction strategies.
- Excellent communication skills with the ability to explain technical security threats & vulnerabilities in business risk terms.
- Compile and track vulnerabilities and mitigation results to quantify programme effectiveness.
- Use data and analytics to measure the effectiveness of tools and policies to help understand the landscape for further improvement.
- Identify and highlight any current gaps in, or required updates to, existing InfraSec systems, policies and procedures.
- Utilise tools and analysis to identify vulnerabilities on the network, client machines or cloud infrastructure.
- Benchmark Gymshark against key compliance legislation and global security standards.
Knowledge and Opportunity:
- Hands on experience of organising network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts (Cloud).
- Experience with running a vulnerability management programme; scheduling, scanning, tracking, assessment and mitigation of vulnerabilities.
- Act as a Subject Matter Expert (SME) in all matters related to Threat and Vulnerability management.
- Attend relevant 3rd party events & Webinars to further knowledge/skills/contacts within the industry.
- Will be an ambassador for the function.
- To work outside of hours where necessary/required.
- Identify areas where training/certification is required and proactively arrange such training/certification once identified.
- To lead by example on best practices and tech policy.
What You'll Need
- Own, or be working towards, an industry-recognised qualification in Cyber/InfraSec.
- Experience within a Cyber Security/Infrastructure Security Team.
- Knowledge of OWASP Top 10, CVSS (Common Vulnerability Scoring System), CVE, Penetration Testing and vulnerability scanning techniques.
- Experience working in a security team; preferably running a Vulnerability Management Programme.
- General knowledge of current and emerging security technologies; strong information security knowledge including web, network and endpoint protocols.
- Sound operational and working knowledge of vulnerability management systems.
- High level of organisational skills.
- Work collaboratively with local and International Technical and Non-Technical teams to align on global projects and joint tasks.
- Experience in supporting a Mid-Sized HQ and Satellite Office user base in all security related questions and queries.
- Day-to-day in-person/email/phone support for staff on relevant security systems.
- Providing support for Gymshark InfraSec Identity Systems in the event of emergencies – occasionally out of hours if urgent.
- Ability to work collaboratively with other team members to deliver immediate tasks.
- Commercial awareness; a creative problem solver with the ability to think laterally and understand the cost and value drivers within a competitive business environment.