A CAREER IN VULNERABILITY MANAGEMENT

Vulnerability Management is the management of the configuration of protected systems to ensure that any vulnerabilities are understood and managed.


If you're passionate about IT security, then working in vulnerability management is an interesting and essential role in any organisation. 


As an experienced Vulnerability Practitioner, you conduct and interpret vulnerability scans. You're probably involved with the team responding to security incidents, working out the root causes of incidents and collating the lessons learned. You drive fundamental change within the organisation by helping to develop security initiatives; this may include briefing and educating other teams within the organisation on vulnerabilities and solutions to them, or mentoring junior team members. You also may be responsible for providing reports to clients on their systems’ vulnerabilities, turning technical analysis into something that non-technical readers can understand.


What does a day in the life look like?


  • Stay up to date with reports of vulnerabilities in off-the-shelf software and hardware
  • Research potential vulnerabilities in the organisation’s systems
  • Identify and prioritise vulnerabilities
  • Propose and implement mitigations for identified vulnerabilities
  • Work on different projects such as patch compliance and sector-specific compliance (for example, with PCI-DSS standards)
  • Work with our internal and external Certifying Authorities (CA)
  • Configure ADFS and remote access solutions
  • Run network and application vulnerability scans
  • Provide support to and work directly with clients on vulnerabilities
  • Write and deliver client reports


Ideal Personal Skills:


  • Inquisitive nature and a problem-solving approach
  • Prioritises work and escalates issues appropriately
  • Interpersonal skills enabling effective interaction with technical and non-technical teams
  • Verbal and written communication skills
  • Evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action


Ideal Specialist Skills:


  • Interpreting, analysing, and reporting information/data security events and anomalies in accordance with Information Security directives
  • Assessing new vulnerabilities, investigating solutions, and recommending controls to minimise risks that could arise
  • Operating network intrusion detection, forensics, network access control, and other information security systems
  • Troubleshooting and resolving failed patch installations and SCCM automation jobs
  • Configuring and troubleshooting networks
  • Using network and application scanning tools and utilities, such as SCCM, Nexpose Rapid 7, HP WebInspect, HCL AppScan, Nessus, Burp Suite and NMAP
  • Configuring encryption protocols and algorithms
  • Onboarding and decommissioning devices
  • Maintaining an asset database


What are the transferable skills that I can bring over from a different career?


Any role in which you carry out research, closely analyse a situation or event, and share findings with colleagues may provide a foundation, with additional specialist training, for moving into Vulnerability Management. 


Such roles include:


  • police services: detection and intelligence roles
  • military services: intelligence analysts
  • business assurance
  • communications engineers

6 April 2022
