Junior Vulnerability Management Engineer

• Supports the planning, development and execution of vulnerability scans of the organisations information systems
• Assists with identifying and resolving false positive findings in assessment results
• Assists with reconnaissance and information collection on the target environment or attack surface
• Supports the identification of potential weaknesses and vulnerabilities on assets (i.e., end points, applications, users)
• Supports the validation of weaknesses via exploitation, and reports their findings
• Assists with providing recommendations on security controls and/or corrective actions for mitigating technical and business risk
• Supports the creation of hypotheses for analytics and testing of threat data
• Analyses data from threat and vulnerability feeds and analyses data for applicability to the organisation
• Supports the generation of reports on assessment findings and summarises to facilitate remediation tasks
• Assists with communicating lessons learned, initial indicators of detection and opportunities for strengthening signature-based detection capabilities

• High level of technical expertise in cybersecurity, including familiarity with relevant penetration and intrusion techniques and attack vectors
• Understanding of web technologies
• Grasp of core security fundamentals and concepts
• Familiarity with the Open Web Application Security Project (OWASP) top 10 vulnerabilities
• Understanding of offensive tools such as: Metaspoit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool
• Proficient at creating their own scripts regular expressions in their preferred scripting language
• Technical knowledge in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
• Technical knowledge in security engineering, system and network security, authentication and security protocols

The following certifications desired but not essential: Certified ethical hacker (CEH), global information assurance certification (GIAC), GIAC certified pen tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), offensive certified security professional (OSCP) and offensive security certified (OSC)

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in
• A working culture that embraces inclusion and celebrates diversity
• We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum)
• An environment that places sustainability, equality and digital transformation at the heart of what we do
• A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits