
This job has expired

Head of Vulnerability Management

Employer: Proprius Recruitment Ltd
Location: Warwickshire
Salary: 95000.00 GBP Annual + Bonus & Benefits
Closing date: 2 Mar 2021


Sector: Telecoms / Utilities
Responsibilities: Information Technology
Position/Level: Director
Contract Type: Permanent
Language: English

Senior Engineering Manager - Vulnerability Management - CISSP, CISA, SANS, DAST, SAST, OS, Red Team, PenTest, App Sec

Currently a 100% WFH environment with the longer term intention that this role will be a minimum of 3 days WFH on a permanent basis

Benefits:

Competitive Salary; GBP6000 Car/Cash allowance; Double matched Pension to 18%; 28 Days Holiday; Private Medical Insurance; Life Assurance; Up to 20% Bonus scheme

The company delivers gas and electricity to many millions of people across Great Britain and North Eastern US in an efficient, reliable, secure and safe manner. We protect our people, our premises, and digital systems with the objective of maintaining trust in our services. Our mission, which we believe in and are excited by, is the opportunity to create a world class Security team to defend critical national infrastructure in the UK and US and the millions of customer communities that we serve.

Cyber Security Services are responsible for the planning, design, implementation and ongoing support of effective cyber solutions. Our vision is to be recognised as a world leading Security function in the energy sector and a trusted partner across the organization. Working alongside engineering, the Product Team drive and deliver the long-term product vision, strategy, and continually align the products with the organisation's needs.

The Vulnerability Management function is part of Cyber Engineering, and supports the Security Team's global operations by identifying and reducing security vulnerabilities and control issues right across the enterprise, Critical National Infrastructure (CNI) and Operational Technology networks. Vulnerability Management is responsible for operating a blend of security controls including penetration testing through an expert in-house team and supplier consulting services, intelligence-driven Red Teaming to exercise resilience to real-world threats, collaborative purple team exercises to directly improve control effectiveness and help inform defenders, through to the design and operation of an enterprise-scale vulnerability discovery program focused on automation.

As a leader in Vulnerability Management you will drive a program of technology and capability improvements, developed in partnership with Product Management, and operate a security operations function to provide assurance and assessment capability across US and UK territories. You will be responsible for leading and operating a team of highly technical individuals, coaching and supporting outstanding performance and leading by example to enable introduction of cutting edge technical cyber solutions and approaches.

This is a newly envisioned role with a new team who have recently transformed to new ways of working. This is a great opportunity to help build a high performing team in a critical infrastructure industry.

The Senior Manager - Vulnerability Management will deliver:

  • Delivery of efficient operation of penetration testing services for stakeholders in US and UK, within agreed SLAs.
  • Engineering and delivery of technical VM capabilities as defined by, and agreed with, Product Management.
  • Operation of a vulnerability management process via a portfolio of vulnerability management technology and automation, to consistently and continuously discover and report critical vulnerabilities and security weaknesses.
  • Identify, evaluate and prioritise potential weaknesses in infrastructure using both manual and automated methods.
  • Support regional infrastructure teams in the remediation management of identified vulnerabilities, influencing prioritisation and execution of risk management initiatives, and drive remediation of process and technology gaps.
  • Responsible for the creation and delivery of actionable vulnerability and coverage reporting, both tactical and operational.
  • Incident handling of critical vulnerabilities as notified by Cyber Threat Intelligence, through direct discovery and third-party notification.
  • Impactful; delivering value through continuous improvement of products and services to secure our environment.
  • Responsibility for building a team of high-performing security experts and creating a culture of technical excellence.
  • Collaborate with the business users, product owners, and engineering teams.
  • Ability to work with both engineers on a technical level and business stakeholders, and to manage vendor relationships.
  • Good understanding of vulnerability management principles, cyber threats, and risks, to inform decision making.

The Senior Manager - Vulnerability Management will demonstrate:

  • In-depth knowledge & understanding of Vulnerability Management: authenticated and unauthenticated network vulnerability scanning, toolsets and automation thereof; application scanning methods including DAST, SAST and OS Dependency verification.
  • In-depth knowledge & understanding of Penetration Testing, Red Teaming and Application Security: high level test methodologies, principles for scoping of engagements, basic threat modelling, utilisation of MITRE ATT&CK for classifying tactics and techniques, Secure Development Lifecycle principles, CI/CD integration of security controls.
  • Strong track record of leading engineering teams to deliver successful products
  • Adept at working with stakeholders at all levels to successfully develop solutions that meet business needs
  • A critical thinker with an analytical mind-set and adept at evaluating opportunities to reach goals
  • An agile mind-set with experience using agile frameworks
  • Knowledge of Regulatory/Legal requirements of NERC CIP, PCI DSS, UK CNI government accreditation useful
  • Experience of working with global teams and stakeholders
  • Previous experience operating a global penetration testing and Vulnerability Management function preferred.
  • Background as a hands-on, technical practitioner preferred, credible and experienced, although now with a more strategic focus

Qualifications

Essential:

  • Bachelor's degree in technical discipline (or relevant professional experience)
  • 5 years minimum experience in a technical security leadership role with responsibility for the operation of a technical cyber security control (or equivalent)
  • English language fluency
  • 5+ years of Cyber security experience
  • 5+ years of experience with Vulnerability Management in large enterprise environment
  • Strong knowledge and experience designing and implementing technical security solutions within the Vulnerability Management domain
  • Ability to present risks and propose countermeasures to senior technology executives (CISO, CTO)

Desirable

  • CISSP, CISA, relevant SANS certifications
  • Strategy development
  • Consultancy experience
  • Agile working practices in a non-development setting
  • Experience in CNI or Utility sector

Main Interfaces

  • Internal business customers
  • Business Partners - Security
  • VM Product Manager
  • Cyber Engineering Teams/Leads
  • Engineering and project teams across the organization
  • CISO
  • VP Cyber Engineering

Leadership Qualities & Business Capabilities

  • To translate the future vision and strategy, being commercial by anticipating market needs and customer-driven by understanding and addressing customer needs
  • To be able to influence key stakeholders and connect with different parts of the business
  • To motivate and inspire others - be a role model with an open mind, seeking to hear and respect diversity of thought while empowering and trusting others to make the right decisions
  • To keep improving the services and have an end-to-end customer focus approach
  • To build a strong relationship with security, product, and engineering teams, understanding their strengths, aspirations and motivations, adapting your leadership style as the team develops
  • To coach, connect and engage with your team - supporting them to solve their own problems
  • To take responsibility for your team's performance, setting clear objectives and targets for the year, monitoring performance and holding your team to account - celebrating success and driving for improvement
  • To provide regular and ongoing feedback to each team member to aid team performance, and be open to feedback yourself
  • To embed a safety mind-set within your team and create an open, two-way environment for communication and ideas sharing
  • To build a broader network with other leaders across the organisation
  • To actively develop yourself as a leader and be a role model to your team of the type of behaviours you expect
  • To drive action and change to improve the customer experience
  • To identify and implement commercial solutions to deliver value
  • To ensure your team adheres to company data management principles
